From: Arifur Rahman (arahman@cisco.com)
Date: Mon Sep 29 2003 - 01:04:04 GMT-3
Hi Lan
Can you please explain what we are gaining by adding "any gt 1024" here?
thank you - Arif
At 11:48 PM 9/28/2003 -0400, Ian Stong wrote:
>If you are only wanted inbound SMTP traffic to host 10.1.1.1 I would
>suggest
>
>Access-list 101 permit tcp any gt 1024 host 10.10.1.1 eq 25
>
>
>Ian
>www.istong.org
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>SN K38U
>Sent: Sunday, September 28, 2003 10:24 PM
>To: ccielab@groupstudy.com
>Subject: A question about Acl
>
>If I was asked to only permit the internet to access my smtp server with
>ip
>10.10.1.1,which acl is better?
>
>access-list 101 permit tcp any 128.88.0.0 0.0.255.255 established
>access-list 101 permit tcp any host 128.88.1.2 eq 25
>
>or
>
>access-list 102 permit tcp any host 128.88.1.2 eq 25
>
>I am a bit confused with it.In my option,since the mail packets coming
>in
>from the internet have a destination port of 25,I think acl 102 is
>enough,but many other people prefer acl 101.
>
>Any clarify is appreciated.
>
>_________________________________________________________________
>Cb7QOBTX MSN Explorer: http://explorer.msn.com/lccn/
>
>***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:39 GMT-3