03-29-2024 08:58 AM
Hi,
can someone please advise why I need line 4 of the ACL below? I understand we use established when we want to allow the response to a connection initiated from the internal network, but on line 3 we already allow SSH from any source to any destination. So why do we still need line 4?
thanks
ip access-list extended acl-copp
permit udp any any ntp
permit udp any any snmp
permit tcp any any eq 22
permit tcp any eq 22 any established
03-29-2024 09:41 PM
Hello D@1984 ,
In the ACL, line 3 is for incoming SSH sessions and allows them.
Line 4 allows outgoing SSH sessions started from the local system to some other system (any).
The two lines perform different duties. The key difference is that in line 3 the TCP port for SSH is matched as the destination port, and in line 4 TCP port 22 (SSH) is matched as the source port.
The well known port is on the server side.
Hope to help
Giuseppe
03-29-2024 09:18 AM - edited 03-29-2024 09:19 AM
Any source to any destination IP, but any L4 port to the SSH L4 port.
That's why we need line 4, which specifies any IP with L4 port SSH to any IP with any L4 port.
MHM
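As an added illustration of the point both answers make (this is not code from the thread or from Cisco; the packets and addresses are constructed), here is a small Python model of how IOS evaluates these four entries. It assumes the usual IOS semantics: a port operator placed after the source address matches the source port, one placed after the destination address matches the destination port, the `ntp` and `snmp` keywords stand for UDP 123 and 161, and `established` matches only TCP segments with the ACK or RST bit set. It also shows what happens if `established` were dropped from line 4.

```python
"""Model of IOS extended-ACL matching for the acl-copp entries in this thread.

Constructed example; the sample packets are invented, not captured traffic.
The router's own control-plane address is assumed to be 10.0.0.1.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    proto: str            # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: set = field(default_factory=set)   # TCP flags present, e.g. {"SYN"}


@dataclass
class ACE:
    """One access-control entry. Every line in the thread uses 'any any',
    so addresses are not checked here; only protocol, ports and flags are."""
    action: str
    proto: str
    src_port: Optional[int] = None   # 'eq N' written after the source address
    dst_port: Optional[int] = None   # 'eq N' written after the destination address
    established: bool = False        # IOS: matches TCP segments with ACK or RST set
    text: str = ""

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.src_port is not None and p.src_port != self.src_port:
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True


# The ACL from the question, in order. ntp = UDP 123, snmp = UDP 161.
ACL_COPP = [
    ACE("permit", "udp", dst_port=123, text="permit udp any any ntp"),
    ACE("permit", "udp", dst_port=161, text="permit udp any any snmp"),
    ACE("permit", "tcp", dst_port=22, text="permit tcp any any eq 22"),
    ACE("permit", "tcp", src_port=22, established=True,
        text="permit tcp any eq 22 any established"),
]

# Same ACL with 'established' removed from line 4, to show why it matters.
ACL_COPP_NO_ESTABLISHED = ACL_COPP[:3] + [
    ACE("permit", "tcp", src_port=22, text="permit tcp any eq 22 any"),
]


def first_match(acl, pkt):
    """Return the 1-based line number of the first matching entry, or None
    when no line matches (the packet falls through this ACL)."""
    for n, ace in enumerate(acl, start=1):
        if ace.matches(pkt):
            return n
    return None


# Constructed packets arriving at the router's control plane (10.0.0.1).
INBOUND_SSH_SYN = Packet("tcp", "192.0.2.10", "10.0.0.1", 51000, 22, {"SYN"})
# Reply from a remote SSH server to a session the router itself opened:
OUTBOUND_SSH_REPLY = Packet("tcp", "198.51.100.5", "10.0.0.1", 22, 40000, {"ACK"})
# Unsolicited SYN that merely spoofs source port 22:
SPOOFED_SRC22_SYN = Packet("tcp", "203.0.113.9", "10.0.0.1", 22, 40000, {"SYN"})
NTP_REQUEST = Packet("udp", "192.0.2.10", "10.0.0.1", 123, 123)


if __name__ == "__main__":
    cases = [
        ("inbound SSH SYN", INBOUND_SSH_SYN),
        ("reply to router-initiated SSH", OUTBOUND_SSH_REPLY),
        ("spoofed src-port-22 SYN", SPOOFED_SRC22_SYN),
        ("NTP request", NTP_REQUEST),
    ]
    for name, pkt in cases:
        print(f"{name:32s} -> line {first_match(ACL_COPP, pkt)}")
    print("spoofed SYN without 'established' ->",
          f"line {first_match(ACL_COPP_NO_ESTABLISHED, SPOOFED_SRC22_SYN)}")
```

Running it shows the inbound SSH SYN hitting line 3 and the reply to a router-initiated session hitting line 4 only; line 3 never sees the reply because its destination port is the router's ephemeral port, not 22. It also shows the caveat that makes `established` worth keeping: a bare SYN with a forged source port of 22 matches nothing in the original ACL, but would land in this class on line 4 if `established` were removed.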