Re: permit ip any any [7:13686]

Wed, 25 Jul 2001 15:06:14 -0700 

Hi,

It would depend on where you put the access-list.  For example if you put
this on the WAN side of your router without specifying "incoming" in the
access-group statement the it would surely fail.

For this access-list to work in an outgoing direction it would need to be on
the Ethernet.

My guess is that this is the issue in otherwords the access-list is facing
the wrong way when applied.

Just a thought,

Teunis,
Hobart, Tasmania
Australia


On Tuesday, July 24, 2001 at 10:41:44 PM, Guy Russell wrote:

> Im not sure what you mean by shutting down the ports, but dont forget the
> implicit deny that is not seen... denying all!!!!
> 
> can you access the web or mail services etc... on that machine????
> 
> Is it applied to the correct interface..
> 
> Is S1 closer to the destination, or source.
> 
> 
> 
> ----- Original Message -----
> From: "John Brandis" 
> To: 
> Sent: Tuesday, July 24, 2001 9:12 PM
> Subject: permit ip any any [7:13686]
> 
> 
> > Hi ya,
> >
> > another ACL question
> >
> > I have a pretty simple ACL at the moment
> >
> > ip access list 110
> >
> > permit tcp any host 203.111.xxx.215 eq 25
> > permit tcp any host 203.111.xxx.215 eq 80
> > permit tcp any host 203.111.xxx.215 eq 25
> > permit tcp any host 203.111.xxx.215 eq 53
> > permit udp any host 203.111.xxx.215 eq 53
> >
> >
> > I put this on the the s1 int (run a stub network) in. However, the
> > second I apply this it actually shuts these ports down, like the
> > opposite of what I thought was to happen. I changed the direction of the
> > ACL but it did not effect the end result.
> > Do I have to use the permit ip any any  now, would that not go against
> > the use of permitting only certain ports...
> >
> > Thanks for your help...
> >
> > John
> > Sydney Australia
--
www.tasmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13811&t=13686
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to