From: Amit Jain (netsteps@rediffmail.com)
Date: Tue Jul 05 2005 - 09:47:58 GMT-3
Rajib
The basic communication between a client and a server (or
source to destination) says that the destination port will be the one which the
source wants to access. So if host A wants to telnet to host B then it will
be
access-list 100 permit tcp host A host B eq telnet
and not
access-list 100 permit tcp host A eq telnet host B
But when host B responds to host A, the layer 4 portion will be
swapped and it will be like
access-list 100 permit tcp host B eq telnet host A
Keep this rule in your mind.
Amit
----- Original Message -----
From: "Rajib Khan" <rajib56666@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Tuesday, July 05, 2005 3:49 PM
Subject: iewb-rs vol-1 lab-6
> Hi
>
> In the security section of the above ie lab, there is a question about sw2
> should accept udp echoes from 191.1.77.100. However, sw2 should not respond to
> packets sent to udp "discard" and "chargen" from the above host. The following
> config was given
>
> service udp-small-servers
> int f0/0
> ip access-group 100 in
>
>
> acc 100 deny udp any any eq discard
> acc 100 den udp any any eq 19
> acc 100 per ip any any
>
> I think the above is wrong; should it not be like below?
>
> acce 100 den udp host 191.1.77.100 eq discard any
> eq 19
> permit ip any any
>
> Could anyone please help?
>
> Thanks
>
> Raj
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3
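The source-port versus destination-port rule from this thread, as an added example that is not part of the original messages: a small Python first-match evaluator for a subset of extended ACL syntax (`any`, `host X`, optional `eq PORT`). The addresses 10.0.0.1 and 10.0.0.2, the ephemeral source port 40000 and the label `sw2` are constructed, and the abbreviated keywords from the thread are written out in full.

```python
# Added example: first-match evaluator for a subset of Cisco extended ACL
# syntax. Not router code; it only models where "eq PORT" is compared.
PORTS = {"echo": 7, "discard": 9, "chargen": 19, "telnet": 23}

def parse(line):
    """'permit tcp host A host B eq telnet' -> (action, proto, src, sport, dst, dport)"""
    tok = line.split()
    def endpoint(i):
        if tok[i] == "any":
            addr, i = None, i + 1          # None means "match any address"
        else:                              # "host X"
            addr, i = tok[i + 1], i + 2
        port = None                        # None means "match any port"
        if i < len(tok) and tok[i] == "eq":
            port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
            i += 2
        return addr, port, i
    src, sport, i = endpoint(2)            # "eq" here tests the SOURCE port
    dst, dport, _ = endpoint(i)            # "eq" here tests the DESTINATION port
    return tok[0], tok[1], src, sport, dst, dport

def evaluate(acl, pkt):
    """pkt = (proto, src, sport, dst, dport). First match wins, implicit deny at the end."""
    proto, src, sport, dst, dport = pkt
    for line in acl:
        action, p, s, sp, d, dp = parse(line)
        if (p in ("ip", proto) and s in (None, src) and d in (None, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"

A, B = "10.0.0.1", "10.0.0.2"              # constructed addresses for host A / host B
REQUEST = ("tcp", A, 40000, B, 23)         # A telnets to B from an ephemeral port
REPLY = ("tcp", B, 23, A, 40000)           # B answers: layer 4 ports swapped
DEST_PORT = [f"permit tcp host {A} host {B} eq telnet"]
SRC_PORT = [f"permit tcp host {A} eq telnet host {B}"]
RETURN = [f"permit tcp host {B} eq telnet host {A}"]

# Inbound UDP on sw2 from 191.1.77.100 ("sw2" and port 40000 are placeholders).
GIVEN = ["deny udp any any eq discard", "deny udp any any eq 19", "permit ip any any"]
SRC_FORM = ["deny udp host 191.1.77.100 eq discard any", "permit ip any any"]
def udp_to_sw2(dport):
    return ("udp", "191.1.77.100", 40000, "sw2", dport)

if __name__ == "__main__":
    print(evaluate(DEST_PORT, REQUEST), evaluate(SRC_PORT, REQUEST), evaluate(RETURN, REPLY))
    print([evaluate(GIVEN, udp_to_sw2(p)) for p in (7, 9, 19)], evaluate(SRC_FORM, udp_to_sw2(9)))
```

With the port on the destination side, the inbound discard and chargen requests are dropped while echo passes; with the port on the source side, the same discard request falls through to the final permit.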