access-list usage

parveesm123
Level 1

Hi

Can anyone tell me in simple terms what the difference is between

access-list 123 extended permit tcp host 1.1.1.1 eq 25 host 2.2.2.2

and

access-list 123 extended permit tcp host 1.1.1.1 host 2.2.2.2 eq 25

Can we use this on both firewalls and IOS?

3 Replies

varrao
Level 10

Hi Parveen,

The first access-list means that the source IP should be 1.1.1.1 and the source port should be 25, and the destination IP should be 2.2.2.2.

The second access-list means the source IP should be 1.1.1.1, the destination IP should be 2.2.2.2 and the destination port should be 25.

Hope this helps,

Thanks,

Varun

Please do rate helpful posts.

Thanks,
Varun Rao

Actually, I am trying to use an access-list with PBR,

so what I require is

CLIENT -> MSFC -> ACE (in one-arm mode) -> SERVER

The client accesses the server on port 25. The default gateway of the server is the MSFC, so the returning traffic should also go through the ACE and cannot go directly through the MSFC, so I am putting in a route-map as follows:

route-map SERVER-RETURNING-25
 match ip address 123
 set ip next-hop

int vlan ***
 des server gateway
 ip policy route-map SERVER-RETURNING-25

ip access-list extended 123
 permit tcp host 1.1.1.1 eq 25 any

So this way, if the server responds to any SMTP connection, it will be routed through the ACE.

Will it work?

-Parvees

Yes, that's right, it will work.

Thanks,

Varun

Thanks,
Varun Rao
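
Added example (not posted by anyone in this thread): a small Python matcher showing why the position of "eq 25" decides whether an entry catches the client's request or the server's reply, which is what the PBR access-list above relies on. It assumes a simplified grammar (only "permit tcp", "host"/"any" addresses, "eq" with a numeric port); the function names and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def take_endpoint(tokens):
    """Consume 'any' or 'host A.B.C.D', then an optional 'eq PORT'."""
    word = tokens.pop(0)
    if word == "any":
        addr = None                      # None = wildcard
    elif word == "host":
        addr = tokens.pop(0)
    else:
        raise ValueError(f"expected 'host' or 'any', got {word!r}")
    port = None
    if tokens and tokens[0] == "eq":     # port binds to the address just read
        port = int(tokens[1])
        del tokens[:2]
    return addr, port

def parse_ace(line):
    """Return (src, sport, dst, dport); None in a slot matches anything."""
    tokens = line.split()
    if tokens[:2] != ["permit", "tcp"]:
        raise ValueError("this sketch only handles 'permit tcp ...'")
    del tokens[:2]
    src, sport = take_endpoint(tokens)
    dst, dport = take_endpoint(tokens)
    if tokens:
        raise ValueError(f"unexpected trailing tokens: {tokens}")
    return src, sport, dst, dport

def matches(ace, pkt):
    fields = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    return all(want is None or want == got for want, got in zip(ace, fields))

SRC_PORT = parse_ace("permit tcp host 1.1.1.1 eq 25 host 2.2.2.2")
DST_PORT = parse_ace("permit tcp host 1.1.1.1 host 2.2.2.2 eq 25")
PBR_ACE = parse_ace("permit tcp host 1.1.1.1 eq 25 any")

# Constructed packets; 40000 is an arbitrary ephemeral port.
reply = Packet("1.1.1.1", 25, "2.2.2.2", 40000)    # 1.1.1.1 is the SMTP server answering
request = Packet("1.1.1.1", 40000, "2.2.2.2", 25)  # 1.1.1.1 is a client calling SMTP on 2.2.2.2

if __name__ == "__main__":
    for name, ace in (("src-port", SRC_PORT), ("dst-port", DST_PORT), ("pbr", PBR_ACE)):
        print(name, "reply:", matches(ace, reply), "request:", matches(ace, request))
```

Only the source-port form (and the PBR entry built on it) matches the server's reply; an entry written with the port after the destination would leave return traffic on the normal routed path, bypassing the ACE.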