Hi Anil,

Sometimes it's scary posting to this group. =)
To answer your question, if you don't have the permit IP any any command, there is an implicit deny rule at the end of an access-list, which will drop all traffic that you have not allowed through the access-list. The other two deny statements are dropping NetBIOS port 139 and something that uses port 6666.

Hope this helps.

Scott

-----Original Message-----
From: Anil Gupte [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 7:59 PM
To: [EMAIL PROTECTED]
Subject: Access Lists are a bit mystifying [7:36164]

Hi All!

I watch this list occasionally (when I have time). This is my first post to this list, so be kind. :p)

In the access list below:

**************
conf t
int ethernet0/0
no ip access-list extended secure2
ip access-list extended secure2
deny tcp any any eq 6666
deny tcp any any eq 139
permit ip any any
int ethernet0/0
ip access-group secure2 out
ip access-group secure2 in
exit
wr
**************

Why is it that you need to deny TCP and permit IP? Or did I not do this right?

Thanx,
Anil Gupte

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36167&t=36164
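
Added example, not part of the original thread: a small Python model of first-match access-list evaluation, applied to the secure2 entries from the quoted message, showing which entry decides each packet and what the implicit deny does when `permit ip any any` is left off. The parser handles only the `any any [eq port]` form used in that list, and the sample packets are constructed.

```python
# Added illustration: first-match evaluation of the secure2 entries.
# Teaching model only; it parses just "action proto any any [eq port]".

SECURE2 = """\
deny tcp any any eq 6666
deny tcp any any eq 139
permit ip any any
"""


def parse_acl(text):
    """Parse ACL lines into (action, protocol, dst_port) tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        ok_head = len(tok) >= 4 and tok[0] in ("permit", "deny") and tok[2:4] == ["any", "any"]
        if ok_head and len(tok) == 4:
            port = None
        elif ok_head and len(tok) == 6 and tok[4] == "eq":
            port = int(tok[5])  # "eq" after the destination matches the destination port
        else:
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append((tok[0], tok[1], port))
    return entries


def evaluate(entries, proto, dst_port=None):
    """Return (action, index of deciding entry); index None means implicit deny."""
    for i, (action, ace_proto, ace_port) in enumerate(entries):
        if ace_proto != "ip" and ace_proto != proto:
            continue  # "ip" covers every IP protocol; "tcp" covers only TCP
        if ace_port is not None and ace_port != dst_port:
            continue
        return action, i  # first match wins, later entries are never consulted
    return "deny", None  # nothing matched: the implicit deny at the end applies


if __name__ == "__main__":
    acl = parse_acl(SECURE2)
    packets = [("tcp", 139), ("tcp", 6666), ("tcp", 80), ("udp", 53), ("icmp", None)]  # constructed
    for proto, port in packets:
        print(proto, port, "full list:", evaluate(acl, proto, port),
              "without permit:", evaluate(acl[:-1], proto, port))
```

With the full list, only TCP to ports 6666 and 139 is dropped and everything else falls through to the final permit; with that permit removed, every packet that is not explicitly matched ends at the implicit deny.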