RE: Basic ACL question

From: R. Adjakou (radjakou@cfao.sn)
Date: Wed Aug 18 2004 - 14:06:26 GMT-3

• Next message: gladston@br.ibm.com: "BGP Aggregate and the Origin"
• Previous message: Mike Calhoon: "RE: IPexpert CCIE (R&S) Audio Boot Camp Student Kit"
• Maybe in reply to: samccie2004@yahoo.co.uk: "Basic ACL question"
• Next in thread: Tim Fletcher: "Re: Basic ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Destination port of http requests is 80
Source port of http replies is 80 also.
Solution 1 is the right one whatever inbound or outbound.

Cordialement/Best regards;

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
Roberto Adjakou
E-mail : RAdjakou@cfao.sn
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

-----Message d'origine-----
De : nobody@groupstudy.com [mailto:nobody@groupstudy.com] De la part de
samccie2004@yahoo.co.uk
Envoyi : mercredi 18 ao{t 2004 08:17
@ : studygroup
Objet : Basic ACL question

Hi Group
 
When asked to deny WWW traffic
 
Would it be correct to have solution 1, to ensure both http requests and
replies are blocked.
Or solution 2, assuming that if no requests are made in first place, no
replies will follow, therefore no need to block them.
 
 
Solution 1
access-list 102 deny tcp any any eq www
access-list 102 deny tcp any eq www any
 
Solution 2
access-list 102 deny tcp any any eq www
 
TIA
 
Sam

• Next message: gladston@br.ibm.com: "BGP Aggregate and the Origin"
• Previous message: Mike Calhoon: "RE: IPexpert CCIE (R&S) Audio Boot Camp Student Kit"
• Maybe in reply to: samccie2004@yahoo.co.uk: "Basic ACL question"
• Next in thread: Tim Fletcher: "Re: Basic ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:45 GMT-3