Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
0
Helpful
2
Replies

having problems with access-list

al
Level 1
Level 1

‎07-03-2002 11:28 AM - edited ‎02-20-2020 09:18 PM

Cut these items from a PIX that I'm working on. I can't decifer what they are.

access-list acl_in permit 23 host xxx.253.5.3 host 10.10.1.10

access-list acl_in permit 23 host xxx.253.5.3 host xxx.253.5.4

.

.

access-list acl_in permit ip any any

First, what is protocol 23?

Second, doesn't the last statement allow the protocol from any net to any net making the need for the first two lines redundant (I'm guessing that the last line was supposed to say deny).

Labels:
0 Helpful
2 Replies 2

alexis.fidalgo
Level 1
Level 1

‎07-03-2002 12:14 PM

the last statement will override the first two, if no one of the first two matches , the last one will do.

by default PIX deny everything, so you dont need the deny ip any any as the last directive.

permit ip any any is turning your firewall to an ethernet patchcord =)

and, IP as protocol implies all others.

If you want the get a list of protocol numbers go to

http://www.iana.org/assignments/protocol-numbers

regards

0 Helpful

al
Level 1
Level 1
In response to alexis.fidalgo

‎07-05-2002 10:31 AM

I had looked at the protocol table before and here's what it says about 23....

23 TRUNK-1 Trunk-1 [BWB6]

Which really doesn't tell me much. Someone else suggested that perhaps they were really trying to allow telnet access from the router into the PIX which would make sense...

0 Helpful
Customers Also Viewed These Support Documents