From: Vijaykrishna (vijaykrishna@xxxxxxxxxxx)
Date: Tue Aug 15 2000 - 22:12:01 GMT-3
TCP session is a 2-way communication... when u apply inbound to allow only
the Telnet and denying everything else u are denying the TCP return packets
for the TCP sessions originated from inside i.e. from the net 10.0.103.13...
the Established packets allows all the TCP packets with ACK and RST bits set
thus are part of the TCP sessions that are originated by inside net
(10.0.103.13).
Check ACRC for more info...
-Vijay
-----Original Message-----
From: Andy Singh <asingh@slamdunknetworks.com>
To: 'Vijaykrishna' <vijaykrishna@netzero.net>
Date: Tuesday, August 15, 2000 4:55 PM
Subject: RE: access-list question
>looks like it's workin once i added the followin. could you please explain
>what it does?
>thanks
>andy singh
>
>-----Original Message-----
>From: Vijaykrishna [mailto:vijaykrishna@netzero.net]
>Sent: Tuesday, August 15, 2000 10:59 AM
>To: Andy Singh; ccielab@groupstudy.com
>Subject: Re: access-list question
>
>
>add -
>acce 101 perm tcp any any established
>
>
>-----Original Message-----
>From: Andy Singh <asingh@slamdunknetworks.com>
>To: ccielab@groupstudy.com <ccielab@groupstudy.com>
>Date: Tuesday, August 15, 2000 1:43 PM
>Subject: access-list question
>
>
>>Hello
>>
>>I'm trying create an access-list to do something like this
>>10.0.103.--e1-2621-e0--10.0.0.0/24 and 10.0.101.0/24
>>from .0 and .101 net i wanna be able to only telnet to a machine on 103 net
>>(10.0.103.13) and from 10.0.103 net i wanna be able to access everything on
>>.0 and 101 net. i created an access-list
>>access-list 101 permit tcp any host 10.0.103.13 eq telnet
>>and int e0 in
>>so telnet works from .0 .101 net but nothin works from the .103 net back to
>>0. and .101 net.
>>so i tried access list 102 permit ip any any and
>>applied to e0 out....still nothin from .103.
>>
>>any suggestions.
>>thanks.....andy singh
>>
>>
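
Added example (not part of the original thread): a small Python model of access-list 101 applied inbound on e0, showing why return packets for sessions opened from 10.0.103.13 hit the implicit deny until the `established` entry is added. The sample packets, the port numbers other than telnet, and the names `Ace`, `Packet` and `permitted` are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed TCP packet seen inbound on e0
    src: str
    dst: str
    dport: int
    flags: frozenset               # TCP flags that are set, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class Ace:                         # one "permit tcp any <dst>" entry
    dst: str = "0.0.0.0/0"         # "any" unless narrowed to a host
    dport: Optional[int] = None    # "eq <port>", or None for any port
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # "established" is a test on flags only (ACK or RST set);
        # the router keeps no table of open sessions for it.
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def permitted(acl, p: Packet) -> bool:
    # Every entry modelled here is a permit, so any match permits;
    # matching nothing falls through to the implicit deny at the end.
    return any(ace.matches(p) for ace in acl)

# access-list 101 permit tcp any host 10.0.103.13 eq telnet
TELNET_ONLY = [Ace(dst="10.0.103.13/32", dport=23)]
# ... plus: access-list 101 permit tcp any any established
WITH_ESTABLISHED = TELNET_ONLY + [Ace(established=True)]

# Constructed packets arriving on e0 from the 10.0.0.0/24 and 10.0.101.0/24 side.
telnet_syn = Packet("10.0.101.7", "10.0.103.13", 23, frozenset({"SYN"}))
# SYN/ACK answering a connection that 10.0.103.13 opened to 10.0.0.5
reply = Packet("10.0.0.5", "10.0.103.13", 40000, frozenset({"SYN", "ACK"}))
# New, non-telnet connection attempt towards 10.0.103.13
new_http = Packet("10.0.0.5", "10.0.103.13", 80, frozenset({"SYN"}))

if __name__ == "__main__":
    for name, acl in (("telnet only", TELNET_ONLY), ("with established", WITH_ESTABLISHED)):
        for label, pkt in (("telnet SYN", telnet_syn), ("reply", reply), ("new HTTP SYN", new_http)):
            print(f"{name:17} {label:13} {'permit' if permitted(acl, pkt) else 'deny'}")
```

The outbound `access-list 102 permit ip any any` on e0 does not change this result, because the return packets are dropped on the way in, before any outbound list is consulted.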