09-19-2011 11:02 PM - edited 03-11-2019 02:27 PM
Hi
Can anyone tell me in simple terms what the difference is between
access-list extended 123 permit tcp host 1.1.1.1 eq 25 host 2.2.2.2
and
access-list extended 123 permit tcp host 1.1.1.1 host 2.2.2.2 eq 25
Can we use this on both firewalls and IOS?
09-19-2011 11:14 PM
Hi Parveen,
The first access-list means that the source IP should be 1.1.1.1, the source port should be 25, and the destination IP should be 2.2.2.2.
The second access-list means the source IP should be 1.1.1.1, the destination IP should be 2.2.2.2, and the destination port should be 25.
Hope this helps,
Thanks,
Varun
Please do rate helpful posts.
09-19-2011 11:21 PM
Actually, I am trying to use an access-list with PBR.
So what I require is:
CLIENT->MSFC-> ACE (in one arm mode) ->SERVER
The client accesses the server on port 25. The default gateway of the server is the MSFC, so the returning traffic should also go through the ACE and cannot go directly through the MSFC. So I am putting in a route-map as follows:
route-map SERVER-RETURNING-25
 match ip address 123
 set ip next-hop
int vlan ***
 description server gateway
 ip policy route-map SERVER-RETURNING-25
access-list 123 permit tcp host 1.1.1.1 eq 25 any
So this way, if the server responds to any SMTP connection, it will be routed through the ACE.
Will it work?
-Parvees
09-20-2011 01:21 AM
Yes, that's right, it will work.
Thanks,
Varun
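The source-port versus destination-port distinction discussed in this thread, as an added example that is not part of any post: a small Python matcher for the `host` / `any` / `eq` subset of extended ACL syntax, run against one SMTP request and its reply. The client address 10.0.0.5 and port 40000 are constructed values, and the parser covers only the part of a TCP entry after the protocol keyword.

```python
# Added example (not from the thread): where "eq <port>" sits decides which port is tested.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    src: str              # host address or "any"
    sport: Optional[int]  # None = any source port
    dst: str
    dport: Optional[int]  # None = any destination port

def _endpoint(tok, i):
    """Read 'host A.B.C.D' or 'any', then an optional 'eq N' that belongs to it."""
    if i >= len(tok):
        raise ValueError("missing address")
    if tok[i] == "host":
        addr, i = tok[i + 1], i + 2
    elif tok[i] == "any":
        addr, i = "any", i + 1
    else:
        raise ValueError(f"unsupported address form: {tok[i]!r}")
    port = None
    if i < len(tok) and tok[i] == "eq":
        port, i = int(tok[i + 1]), i + 2
    return addr, port, i

def parse(spec):
    """Parse the 'source [eq N] destination [eq N]' part of a TCP entry."""
    tok = spec.split()
    src, sport, i = _endpoint(tok, 0)
    dst, dport, i = _endpoint(tok, i)
    if i != len(tok):
        raise ValueError(f"trailing tokens: {tok[i:]}")
    return Entry(src, sport, dst, dport)

def matches(entry, pkt):
    """pkt = (src_ip, src_port, dst_ip, dst_port) of a TCP packet."""
    src, sport, dst, dport = pkt
    return (entry.src in ("any", src) and entry.sport in (None, sport)
            and entry.dst in ("any", dst) and entry.dport in (None, dport))

# Constructed packets: 10.0.0.5 and port 40000 are assumed client values.
REQUEST = ("10.0.0.5", 40000, "1.1.1.1", 25)   # client -> server SMTP
REPLY = ("1.1.1.1", 25, "10.0.0.5", 40000)     # server -> client return traffic
PBR_ENTRY = parse("host 1.1.1.1 eq 25 any")    # entry matched by the route-map

if __name__ == "__main__":
    print("reply matches PBR entry:  ", matches(PBR_ENTRY, REPLY))
    print("request matches PBR entry:", matches(PBR_ENTRY, REQUEST))
```

The entry is stateless: it matches on header fields only, so it selects every TCP packet from the server with source port 25, not only replies to sessions the client opened.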