08-16-2011 06:20 AM - edited 03-07-2019 01:43 AM
Dear All,
Please help me understand the difference between the 2 ACLs mentioned below:
1. access-list 101 permit tcp any any eq 5900
2. access-list 101 permit tcp any eq 5900 any
NB: The requirement is to permit incoming VNC requests for a VLAN, and the No. 2 ACL is working for the same, but I'm confused about what the difference between these 2 ACLs is. The 1st one is not working for the VNC requirement.
Thanks & Regards,
Sujit
08-16-2011 06:26 AM
Hi,
The difference is that in the first the dst port is 5900 and in the second the src port is 5900.
Where are you applying this ACL and in which direction? Don't forget there is an implicit deny all at the end, so if there is no match on the first ACE then it will match the implicit deny.
For VNC, 5900 is the listening port, so it is the dst port for a client connection.
Regards.
Alain.
08-16-2011 06:31 AM
1. Permits TCP packets from any source IP address and from any source TCP port to any destination IP address but only to the specified destination TCP port.
2. Permits TCP packets from any source IP address and from the specified TCP port to any destination IP address and any destination TCP port.
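The source-port versus destination-port distinction described in the replies above, as an added example that is not part of any post in this thread: a small Python evaluator that applies each of the two ACEs to a VNC client-to-server packet and to the server's return packet, falling through to the implicit deny. The client port 51000 is a constructed sample value, and the parser handles only the `any ... any` form used here.

```python
# Added illustration: a minimal evaluator for the two extended-ACL entries
# discussed in this thread. It handles only the form
#   access-list N permit|deny tcp any [eq PORT] any [eq PORT]
# and is not a full IOS ACL parser.

def parse_ace(line):
    """Return (action, src_port, dst_port); None means 'any port'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[3] != "tcp":
        raise ValueError("unsupported ACE: " + line)
    action, rest = tok[2], tok[4:]
    ports = []
    for _ in range(2):  # source spec first, then destination spec
        if not rest or rest[0] != "any":
            raise ValueError("only 'any' addresses are supported: " + line)
        rest = rest[1:]
        if rest[:1] == ["eq"]:
            ports.append(int(rest[1]))
            rest = rest[2:]
        else:
            ports.append(None)
    return action, ports[0], ports[1]

def evaluate(acl_lines, src_port, dst_port):
    """First matching ACE wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, sp, dp = parse_ace(line)
        if sp in (None, src_port) and dp in (None, dst_port):
            return action
    return "deny"  # implicit deny at the end of every ACL

ACE_1 = "access-list 101 permit tcp any any eq 5900"   # dst port 5900
ACE_2 = "access-list 101 permit tcp any eq 5900 any"   # src port 5900

# Constructed sample packets; 51000 is an arbitrary client ephemeral port.
CLIENT_TO_SERVER = (51000, 5900)   # viewer -> VNC server
SERVER_TO_CLIENT = (5900, 51000)   # VNC server -> viewer (return traffic)

def results():
    return {
        ("ACE_1", "client->server"): evaluate([ACE_1], *CLIENT_TO_SERVER),
        ("ACE_1", "server->client"): evaluate([ACE_1], *SERVER_TO_CLIENT),
        ("ACE_2", "client->server"): evaluate([ACE_2], *CLIENT_TO_SERVER),
        ("ACE_2", "server->client"): evaluate([ACE_2], *SERVER_TO_CLIENT),
    }

if __name__ == "__main__":
    for key, verdict in results().items():
        print(key, verdict)
```

Each ACE permits only one direction of the same VNC session, so which one matches depends on the interface and direction where the ACL is applied.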