Thanks Segun Daini, and all others, much appreciated. I think I somehow mistook that the return traffic would be sourced from a dynamic source port, but that only happens for client traffic, I suppose, whereas a telnet service already has a defined port and won't need a reserved port (as in under 1024).
Alef

On Jun 17, 2011, at 8:45 PM, Segun Daini wrote:

> You have the client connecting to the server. The client uses any port while
> the server port is known. In this case tcp/23 for telnet.
>
> For the return traffic, the telnet server will respond to the client. The
> source port is that of the server, 23, while the destination is any port the
> initial traffic was sourced from.
>
> Regards.
>
> Sent from Yahoo! Mail on Android
>
> From: Alef <[email protected]>;
> To: [email protected] IE <[email protected]>;
> Subject: [OSL | CCIE_RS] acl question - defining return traffic?
> Sent: Fri, Jun 17, 2011 6:41:13 PM
>
> Maybe a bit of an ignorant question, but I always used to think that
>
> access-list 170 permit tcp any any eq telnet
>
> would cover telnet both ways, i.e. it does not matter which range is any, so
> it can be from *inside* your network or *outside* your network, still going to
> the same destination telnet port.
>
> But it seems for return traffic we also need to define
>
> access-list 170 permit tcp any eq telnet any
>
> Why? The source port is dynamic, right? Why would that need to be specified?
> It would not be 23, so what's the point?
>
> Can anyone enlighten me?
>
> Kind regards,
> Alef
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
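The point of the thread is that an IOS extended ACL is evaluated per packet, first match wins, with an implicit deny at the end, so a single `permit tcp any any eq telnet` line matches the client's packets (destination port 23) but never the server's replies (source port 23, destination port whatever ephemeral port the client picked). The following simulator is an added example, not code from this thread or from Cisco: it parses the two ACL lines quoted above in a small subset of IOS syntax (`any`, `host A.B.C.D`, `A.B.C.D wildcard`, `eq <port|name>`, `established`) and evaluates constructed packets against them. The addresses and port numbers are made up, the port-name table covers only a few well-known keywords, and it goes one step beyond the post: it also shows why the bare `permit tcp any eq telnet any` line is a weak answer, since any host that sets its source port to 23 matches it, and how the real IOS `established` keyword (match only segments with ACK or RST set) narrows that to reply traffic.

```python
"""Added example: first-match evaluation of IOS-style extended ACL lines (constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Small subset of the port keywords IOS accepts after 'eq'.
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "smtp": 25}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    flags: Tuple[str, ...] = ()   # TCP flags present, e.g. ("SYN",) or ("SYN", "ACK")


@dataclass(frozen=True)
class ACE:
    action: str
    proto: str
    src: str                      # 'any', a host address, or 'net wildcard'
    sport: Optional[int]          # None == any source port
    dst: str
    dport: Optional[int]          # None == any destination port
    established: bool = False     # IOS 'established': ACK or RST bit set


def addr_matches(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    if " " in spec:               # 'network wildcard' form: 1 bits in the wildcard are don't-care
        net, wild = spec.split()
        n, w, i = (int(ipaddress.IPv4Address(x)) for x in (net, wild, ip))
        care = ~w & 0xFFFFFFFF
        return (i & care) == (n & care)
    return spec == ip             # 'host A.B.C.D'


def ace_matches(ace: ACE, pkt: Packet) -> bool:
    if ace.proto != pkt.proto:
        return False
    if not addr_matches(ace.src, pkt.src) or not addr_matches(ace.dst, pkt.dst):
        return False
    if ace.sport is not None and pkt.sport != ace.sport:
        return False
    if ace.dport is not None and pkt.dport != ace.dport:
        return False
    # 'established' never matches a bare SYN, so a fresh connection sourced from 23 is refused.
    if ace.established and not ({"ACK", "RST"} & set(pkt.flags)):
        return False
    return True


def parse_ace(line: str) -> ACE:
    """Parse e.g. 'access-list 170 permit tcp any eq telnet any established'."""
    tokens = line.split()
    if tokens[0] == "access-list":        # optional numbered-ACL prefix
        tokens = tokens[2:]
    action, proto, rest = tokens[0], tokens[1], tokens[2:]

    def take_endpoint(rest):
        if rest[0] == "any":
            addr, rest = "any", rest[1:]
        elif rest[0] == "host":
            addr, rest = rest[1], rest[2:]
        else:                             # 'A.B.C.D wildcard'
            addr, rest = rest[0] + " " + rest[1], rest[2:]
        port = None
        if rest and rest[0] == "eq":
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
            rest = rest[2:]
        return addr, port, rest

    src, sport, rest = take_endpoint(rest)
    dst, dport, rest = take_endpoint(rest)
    return ACE(action, proto, src, sport, dst, dport, "established" in rest)


def evaluate(acl_lines, pkt: Packet) -> str:
    """First matching line decides; an IOS ACL ends with an implicit 'deny any'."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


# Constructed traffic: client 10.0.0.5 telnets to server 192.0.2.10 from ephemeral port 51000.
CLIENT_SYN   = Packet("tcp", "10.0.0.5",    "192.0.2.10", 51000, 23,  ("SYN",))
SERVER_REPLY = Packet("tcp", "192.0.2.10",  "10.0.0.5",   23,    51000, ("SYN", "ACK"))
# Constructed abuse case: an outside host sets source port 23 to reach an internal port.
SPOOFED_SYN  = Packet("tcp", "203.0.113.7", "10.0.0.5",   23,    445, ("SYN",))

ONE_WAY     = ["access-list 170 permit tcp any any eq telnet"]
BOTH_WAYS   = ONE_WAY + ["access-list 170 permit tcp any eq telnet any"]
ESTABLISHED = ONE_WAY + ["access-list 170 permit tcp any eq telnet any established"]


def results(acl_lines):
    """(client SYN, server reply, spoofed SYN) verdicts for one ACL."""
    return tuple(evaluate(acl_lines, p) for p in (CLIENT_SYN, SERVER_REPLY, SPOOFED_SYN))


if __name__ == "__main__":
    for name, acl in (("one way", ONE_WAY), ("both ways", BOTH_WAYS), ("established", ESTABLISHED)):
        print(f"{name:12s} client={results(acl)[0]} reply={results(acl)[1]} spoofed={results(acl)[2]}")
```

With only the first line the client's SYN is permitted and the server's SYN/ACK falls through to the implicit deny, which is exactly the behaviour the original question describes. Adding `permit tcp any eq telnet any` fixes the reply but also admits the spoofed SYN, because the ACL has no notion of connection state; adding `established` to that line keeps the reply and drops the spoofed SYN. A reflexive ACL or CBAC/zone-based inspection is the stateful way to do the same thing, but that is outside what this thread covers.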
