RE: extended access-list in/ out [7:58750]

2002-12-11 Thread Dwayne Saunders
I have just found that it is good practice to not allow the source port if
below 1024.

Regards

D'Wayne Saunders
Data Network Administrator



-Original Message-
From: Aaron Laws [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 12 December 2002 8:35 AM
To: [EMAIL PROTECTED]
Subject: RE: extended access-list in/ out [7:58750]


Do you even need to specify the source port?  Why wouldn't you just do:
access-list 101 permit tcp any any eq telnet?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59021&t=58750
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: extended access-list in/ out [7:58750]

2002-12-11 Thread Aaron Laws
Do you even need to specify the source port?  Why wouldn't you just do:
access-list 101 permit tcp any any eq telnet?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59015&t=58750



RE: extended access-list in/ out [7:58750]

2002-12-07 Thread Dwayne Saunders
This won't work because the source packet does not have a source port of 23.
What you need to do is:
access-list 101 permit tcp any gt 1023 any eq telnet  (this is for inbound)
From memory, traffic originating from the router will not be bound by an ACL, so
your outbound traffic should be alright (not 100% on this; if anyone wants
to shed some more light, please do).
Then apply to interface by
ip access-group 101 in


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 8 December 2002 14:20
To: [EMAIL PROTECTED]
Subject: RE: extended access-list in/ out [7:58750]


Neil, what you can do to allow both outbound and incoming telnet access by
using the command:

access-list 101 permit tcp any eq telnet any eq telnet
ip access-group 101 in/out whichever interface you would want to put this
on.

I haven't tried this yet but I think this will work. It allows source telnet
traffic (the 1st any eq telnet keywords) to be forwarded to the destination
(the 2nd any eq telnet keywords), and vice versa.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58757&t=58750
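Added example, not part of any post in this thread: a minimal Python model of how the three ACEs quoted in the thread match TCP source and destination ports, with the implicit deny at the end of the list. It parses only the `any [op port]` forms seen here, and the packet port numbers are constructed sample values.

```python
# Model of extended-ACL port matching for the ACEs discussed in this thread.
# Assumption: only "tcp any [eq|gt|lt port] any [eq|gt|lt port]" is supported.
PORT_NAMES = {"telnet": 23}

ACL_BOTH_EQ = "access-list 101 permit tcp any eq telnet any eq telnet"
ACL_GT_1023 = "access-list 101 permit tcp any gt 1023 any eq telnet"
ACL_DST_ONLY = "access-list 101 permit tcp any any eq telnet"

def parse_ace(line):
    """Return (action, src_port_spec, dst_port_spec) for one ACE."""
    tokens = line.split()
    action, rest = tokens[2], tokens[4:]
    specs = []
    for _ in range(2):                      # source side, then destination side
        if rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are modelled")
        spec = (None, None)                 # no operator: any port matches
        if rest and rest[0] in ("eq", "gt", "lt"):
            op, name = rest.pop(0), rest.pop(0)
            spec = (op, PORT_NAMES[name] if name in PORT_NAMES else int(name))
        specs.append(spec)
    return action, specs[0], specs[1]

def port_matches(spec, port):
    op, value = spec
    if op is None:
        return True
    return {"eq": port == value, "gt": port > value, "lt": port < value}[op]

def evaluate(acl_lines, src_port, dst_port):
    """First matching ACE wins; nothing matching means the implicit deny."""
    for line in acl_lines:
        action, src, dst = parse_ace(line)
        if port_matches(src, src_port) and port_matches(dst, dst_port):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed packets: (description, source port, destination port)
    packets = [("client to telnet server, ephemeral source", 40000, 23),
               ("client to telnet server, low source port", 1000, 23),
               ("server reply back to client", 23, 40000)]
    for name, acl in [("eq telnet / eq telnet", ACL_BOTH_EQ),
                      ("gt 1023 / eq telnet", ACL_GT_1023),
                      ("any / eq telnet", ACL_DST_ONLY)]:
        for desc, sport, dport in packets:
            print(f"{name:24} {desc:42} {evaluate([acl], sport, dport)}")
```

None of the three ACEs matches the server's reply packets (source port 23, ephemeral destination), so the same list applied to the return direction drops them at the implicit deny.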



RE: extended access-list in/ out [7:58750]

2002-12-07 Thread crammer cisco
Neil, what you can do to allow both outbound and incoming telnet access by
using the command:

access-list 101 permit tcp any eq telnet any eq telnet 
ip access-group 101 in/out whichever interface you would want to put this on.

I haven't tried this yet but I think this will work. It allows source telnet
traffic (the 1st any eq telnet keywords) to be forwarded to the destination
(the 2nd any eq telnet keywords), and vice versa.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58756&t=58750