Kingsley Charles (CCSP, CCNP, CCIP)
Member # 29872
posted January 07, 2012 07:49 PM
The first one denies connections to the telnet service and from the telnet service. Suppose you are asked to deny telnet service on the remote VPN connections terminating on the ASA: you use this ACL with the vpn filter command, which will block telnet connections from the client and telnet responses from the server.
Another good example is with BGP.
If you apply this ACL inbound on an interface of a the and there is a BGP connection across the router, this ACL BGP initiating from inside R1 and outside R2.
R1 BGP -------------- R3 in acl ------------BGP R3
ip access-list extended ACL1
 permit tcp any any eq 179
 permit tcp any eq 179 any
This ACL will permit only BGP responses, meaning the outside router R3 can't initiate a BGP connection.
ip access-list extended ACL2
 permit tcp any any eq telnet
Posts: 887 | From: India | Registered: Jun 2010
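The source-port versus destination-port matching discussed in the post above, worked through as an added example that is not part of the original post. It is a simplified first-match model with an implicit deny that handles only `any` addresses and `eq` port matches; the function names and sample packets are constructed for illustration.

```python
import re

# Named ports used in the post's ACLs (IOS keyword -> TCP port).
PORTS = {"telnet": 23, "bgp": 179}

ACE = re.compile(r"^(permit|deny) tcp any(?: eq (\S+))? any(?: eq (\S+))?$")

def _port(tok):
    if tok is None:
        return None
    return PORTS[tok] if tok in PORTS else int(tok)

def parse_acl(text):
    """Parse 'permit|deny tcp any [eq P] any [eq P]' entries (simplified subset)."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE.match(" ".join(line.split()))
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append((m.group(1), _port(m.group(2)), _port(m.group(3))))
    return entries

def evaluate(acl, sport, dport):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for action, src, dst in acl:
        if src in (None, sport) and dst in (None, dport):
            return action
    return "deny"

# Constructed packets as seen inbound on the filtered interface (src port, dst port).
OUTSIDE_INITIATES = (50000, 179)   # outside peer opens a session to port 179
OUTSIDE_RESPONDS = (179, 50001)    # outside peer answers a session opened from inside

BOTH = parse_acl("""
permit tcp any any eq 179
permit tcp any eq 179 any
""")
RESPONSE_ONLY = parse_acl("permit tcp any eq 179 any")

def summarize(acl):
    return {"outside_initiates": evaluate(acl, *OUTSIDE_INITIATES),
            "outside_responds": evaluate(acl, *OUTSIDE_RESPONDS)}

if __name__ == "__main__":
    print("both entries :", summarize(BOTH))
    print("response only:", summarize(RESPONSE_ONLY))
```

With only the `eq 179` source-port entry, the inbound SYN from the outside peer falls through to the implicit deny, while replies to sessions opened from inside still pass.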