A question about Acl

From: ÓΠ˳¸Õ (youshungang@hotmail.com)
Date: Sun Sep 28 2003 - 23:24:25 GMT-3

• Next message: Arifur Rahman: ""frame-relay fragment" and packet size"
• Previous message: Naveen Gupta: "Remove me from the list !!!"
• Next in thread: Ian Stong: "RE: A question about Acl"
• Maybe reply: Ian Stong: "RE: A question about Acl"
• Maybe reply: Arifur Rahman: "RE: A question about Acl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If I was asked to only permit the internet to access my smtp server with ip
10.10.1.1,which acl is better?

access-list 101 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 101 permit tcp any host 128.88.1.2 eq 25

or

access-list 102 permit tcp any host 128.88.1.2 eq 25

I am a bit confused with it.In my option,since the mail packets coming in
from the internet have a destination port of 25,I think acl 102 is
enough,but many other people prefer acl 101.

Any clarify is appreciated.

• Next message: Arifur Rahman: ""frame-relay fragment" and packet size"
• Previous message: Naveen Gupta: "Remove me from the list !!!"
• Next in thread: Ian Stong: "RE: A question about Acl"
• Maybe reply: Ian Stong: "RE: A question about Acl"
• Maybe reply: Arifur Rahman: "RE: A question about Acl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:39 GMT-3