Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

do we need the command "permit tcp any any" in the following configuration ?what is the purpose of this

Posted on 2009-05-06
2
Medium Priority
?
678 Views
Last Modified: 2012-06-22
ip access-list extended acl_bye
 permit icmp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit tcp host 192.168.1.53 192.168.0.0 0.0.255.255
 permit ip host 192.168.1.51 host 192.168.9.236
 permit ip host 192.168.1.91 host 192.168.9.236
 permit ip host 192.168.1.91 host 192.168.9.254
 permit udp any any
 permit icmp any any
 permit tcp host 192.168.1.80 host 192.168.15.241
 permit tcp any any
 deny   tcp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 deny   udp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 deny   ip any any log
0
Comment
Question by:alimohammed72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24320613
it permits (or identifies)  TCP traffic from any IP address to any IP address.


0
 
LVL 9

Accepted Solution

by:
Donboo earned 1500 total points
ID: 24321092
Well that depends on what the purpose with the ACL is.

If you use it like this I dont see a point other then using it for tracking hit count. The "permit udp any any" and "permit tcp any any" comes before any denys so there will never be a hit on the 3 deny statements.

If you need the 2 deny statements and you need all else traffic to pass you should reconfigure to something like this:

p access-list extended acl_bye
 deny   tcp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 deny   udp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 permit icmp any any
 permit udp any any
 permit tcp any any
 deny ip any any log
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question