Solved

do we need the command "permit tcp any any" in the following configuration ?what is the purpose of this

Posted on 2009-05-06
2
660 Views
Last Modified: 2012-06-22
ip access-list extended acl_bye
 permit icmp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit tcp host 192.168.1.53 192.168.0.0 0.0.255.255
 permit ip host 192.168.1.51 host 192.168.9.236
 permit ip host 192.168.1.91 host 192.168.9.236
 permit ip host 192.168.1.91 host 192.168.9.254
 permit udp any any
 permit icmp any any
 permit tcp host 192.168.1.80 host 192.168.15.241
 permit tcp any any
 deny   tcp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 deny   udp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 deny   ip any any log
0
Comment
Question by:alimohammed72
2 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24320613
it permits (or identifies)  TCP traffic from any IP address to any IP address.


0
 
LVL 9

Accepted Solution

by:
Donboo earned 500 total points
ID: 24321092
Well that depends on what the purpose with the ACL is.

If you use it like this I dont see a point other then using it for tracking hit count. The "permit udp any any" and "permit tcp any any" comes before any denys so there will never be a hit on the 3 deny statements.

If you need the 2 deny statements and you need all else traffic to pass you should reconfigure to something like this:

p access-list extended acl_bye
 deny   tcp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 deny   udp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 permit icmp any any
 permit udp any any
 permit tcp any any
 deny ip any any log
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now