tcp permit any any eq telnet will match all the packets that have 23 in their DESTINATION port.
You'll never match "both" traffic as you think. You'll match traffic that's going from a client with a dynamic port to a server that is listening on port 23!

HTH

2011/6/17 Alef <[email protected]>

> Maybe a bit of an ignorant question, but I always used to think that
> access-list 170 permit tcp any any telnet
>
> would cover telnet both ways, i.e. it does not matter which range is any, so
> it can be from *inside* your network or *outside* your network, still going to
> the same destination telnet port
>
> but it seems for return traffic we also need to define
> access-list 170 permit tcp any eq telnet any
>
> Why? The source port is dynamic, right? Why would that need to be
> specified? It would not be 23, so what's the point?
>
> Can anyone enlighten me?
>
> Kind regards,
> Alef
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com

--
Nicolas MICHEL
Network and Security Engineer (CCNA/CCNP)
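
Added example, not part of the original thread: a small Python model of first-match ACL evaluation over both directions of one telnet session, showing which port field each entry from the thread tests. The client port 49152, the port 8080 packet and the `established` variant of the return entry are assumptions added for illustration; addresses are left as any/any.

```python
from dataclasses import dataclass
from typing import Optional

TELNET = 23

@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

@dataclass(frozen=True)
class Entry:
    """Models: permit tcp any [eq src_port] any [eq dst_port] [established]"""
    src_port: Optional[int] = None  # None means no source-port test
    dst_port: Optional[int] = None  # None means no destination-port test
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.src_port is not None and p.src_port != self.src_port:
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        # IOS "established" matches only segments with ACK or RST set.
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, packet):
    """First match wins; anything unmatched hits the implicit deny."""
    return "permit" if any(e.matches(packet) for e in acl) else "deny"

# Constructed sample packets for one telnet session.
client_to_server = Packet(49152, TELNET, frozenset({"SYN"}))
server_to_client = Packet(TELNET, 49152, frozenset({"SYN", "ACK"}))
# Constructed packet: a new connection that merely has source port 23.
syn_from_23 = Packet(TELNET, 8080, frozenset({"SYN"}))

DST_ONLY = [Entry(dst_port=TELNET)]                          # permit tcp any any eq telnet
BOTH = DST_ONLY + [Entry(src_port=TELNET)]                   # + permit tcp any eq telnet any
BOTH_EST = DST_ONLY + [Entry(src_port=TELNET, established=True)]

if __name__ == "__main__":
    for name, acl in (("DST_ONLY", DST_ONLY), ("BOTH", BOTH), ("BOTH_EST", BOTH_EST)):
        print(name, evaluate(acl, client_to_server),
              evaluate(acl, server_to_client), evaluate(acl, syn_from_23))
```

The server's replies carry 23 as their source port and the client's dynamic port as destination, so only the `any eq telnet any` entry matches them. Adding `established` keeps that return entry from matching segments that open a new connection.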
