If you applied "access-list 170 permit tcp any any telnet" inbound on the inside interface then telnet to the outside would succeed. It would also work applied outbound on the outside interface. If you start to apply ACLs in the reverse direction (inbound on the outside interface or outbound on the inside) you'd need to use "access-list 170 permit tcp any eq telnet any" instead.
On Fri, Jun 17, 2011 at 2:41 PM, Alef <[email protected]> wrote:

> Maybe a bit of an ignorant question; but I always used to think that
>
> access-list 170 permit tcp any any telnet
>
> would cover telnet both ways. i.e. it does not matter which range is any, so it can be from *inside* your network or *outside* your network, still going to the same destination telnet port.
>
> But it seems for return traffic we also need to define
>
> access-list 170 permit tcp any eq telnet any
>
> Why? The source port is dynamic, right? Why would that need to be specified? It would not be 23, so what's the point?
>
> Can anyone enlighten me?
>
> Kind regards,
> Alef
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com

--
Jay Taylor
CCIE #28391
@JTIE_6EE7
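The point in the thread (a stateless ACL entry matches one direction of a telnet session, so the replies with source port 23 and an ephemeral destination port need their own entry) is easy to see with a small evaluator. The following is an added illustration, not code from the list or from Cisco: it parses a constructed subset of IOS `access-list` syntax (`any` / `host` addresses, `eq` ports, the `established` keyword; the entries are written with `eq` as IOS expects) and applies every entry of the list to a packet, with the packet's source and destination standing in for the interface direction. The addresses, port numbers and packet flags are constructed sample values. It also shows the defensive caveat: `permit tcp any eq telnet any` on its own lets any outside host that chooses source port 23 reach any inside port, whereas adding `established` (match only when ACK or RST is set) keeps the return traffic while dropping such unsolicited SYNs.

```python
"""Stateless evaluator for a subset of Cisco-style 'access-list' entries (added example)."""
from dataclasses import dataclass, field

PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "ftp": 21}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset = field(default_factory=frozenset)  # e.g. {"SYN"}, {"SYN", "ACK"}


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def parse_ace(line: str) -> dict:
    """Parse 'access-list N {permit|deny} tcp SRC [eq P] DST [eq P] [established]'.

    Only 'any' and 'host A.B.C.D' address specs are supported in this subset.
    """
    toks = line.split()
    if len(toks) < 6 or toks[0] != "access-list" or toks[2] not in ("permit", "deny") or toks[3] != "tcp":
        raise ValueError(f"unsupported entry: {line}")
    pos = 4

    def addr():
        nonlocal pos
        tok = toks[pos]
        if tok == "any":
            pos += 1
            return None                      # None means "match any address"
        if tok == "host" and pos + 1 < len(toks):
            pos += 2
            return toks[pos - 1]
        raise ValueError(f"unsupported address spec at '{tok}' in: {line}")

    def port():
        nonlocal pos
        if pos + 1 < len(toks) and toks[pos] == "eq":
            pos += 2
            return _port(toks[pos - 1])
        return None                          # None means "match any port"

    src = addr()
    sport = port()
    dst = addr()
    dport = port()
    established = pos < len(toks) and toks[pos] == "established"
    return {"action": toks[2], "src": src, "sport": sport, "dst": dst, "dport": dport,
            "established": established}


def matches(ace: dict, pkt: Packet) -> bool:
    if ace["src"] is not None and ace["src"] != pkt.src:
        return False
    if ace["dst"] is not None and ace["dst"] != pkt.dst:
        return False
    if ace["sport"] is not None and ace["sport"] != pkt.sport:
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.dport:
        return False
    # 'established' matches only segments with ACK or RST set, i.e. not a bare SYN.
    if ace["established"] and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(acl_lines, pkt: Packet) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"]
    return "deny"


# Constructed sample traffic: an inside host opens telnet to an outside host.
INSIDE, OUTSIDE = "10.0.0.5", "192.0.2.10"
OUT_SYN = Packet(INSIDE, OUTSIDE, 40000, 23, frozenset({"SYN"}))          # client -> server
RETURN = Packet(OUTSIDE, INSIDE, 23, 40000, frozenset({"SYN", "ACK"}))    # server reply
UNSOLICITED = Packet(OUTSIDE, INSIDE, 23, 445, frozenset({"SYN"}))        # outsider using sport 23

ACL_ONE_WAY = ["access-list 170 permit tcp any any eq telnet"]
ACL_BOTH_WAYS = ACL_ONE_WAY + ["access-list 170 permit tcp any eq telnet any"]
ACL_ESTABLISHED = ACL_ONE_WAY + ["access-list 170 permit tcp any eq telnet any established"]


def session_verdicts(acl_lines) -> dict:
    """Verdict for each sample packet under the given list of entries."""
    samples = (("outbound_syn", OUT_SYN), ("return", RETURN), ("unsolicited_from_port_23", UNSOLICITED))
    return {name: evaluate(acl_lines, pkt) for name, pkt in samples}


if __name__ == "__main__":
    for label, acl in (("one-way", ACL_ONE_WAY), ("both-ways", ACL_BOTH_WAYS), ("established", ACL_ESTABLISHED)):
        print(label, session_verdicts(acl))
```

Running it shows the one-entry list permitting the outbound SYN but denying the reply, the two-entry list permitting the reply and also the unsolicited connection from source port 23, and the `established` variant permitting the reply while denying that unsolicited SYN.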
