[c-nsp] access list Q
Arie Vayner
ariev at netvision.net.il
Wed Feb 16 08:31:31 EST 2005
Hi
You have to take into account that packets going back from the server to
the client would have a source port of 25 and a random destination
port.
You could try and add another line so the ACL would look like:
Access-list 119 permit tcp any any eq 25
Access-list 119 permit tcp any eq 25 any
Arie
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Noel
Sent: Wednesday, February 16, 2005 12:25 PM
To: cisco-nsp
Subject: [c-nsp] access list Q
Hi All,
Wanting to rate limit traffic on a port, let's say 25, in and out...
I was of the belief that it's like, <from> <to> <port>, so
access-list 119 permit tcp any any eq 25
applied to an interface with in and out would catch, but I then applied
to same access list
access-list 119 permit tcp any eq 25 any
for the heck of it, however a sh access-list 101 shows vastly different
number of matches on either rule, so was I wrong to assume that any any
eq 25 applied in/out would in fact get it all, and I do need both? or
is it just the way the routers caught it?
TIA
N
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
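
The two-entry ACL discussed in this thread, evaluated first-match over a constructed SMTP conversation to show why the per-entry match counters differ. This is an added example, not part of the original posts; the class and function names, the client port and the packet counts are assumptions made up for illustration.

```python
# Added illustration (not from the thread): first-match evaluation of the
# two-entry ACL 119 over constructed traffic, with per-entry hit counters.
from collections import Counter
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_port: int
    dst_port: int

class Entry(NamedTuple):
    text: str
    src_port: Optional[int]  # None: no "eq" qualifier after the source
    dst_port: Optional[int]  # None: no "eq" qualifier after the destination

    def matches(self, p: Packet) -> bool:
        return (self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

ACL_119 = [
    Entry("permit tcp any any eq 25", None, 25),  # client -> server
    Entry("permit tcp any eq 25 any", 25, None),  # server -> client replies
]

def hit_counts(acl, packets):
    """Count matches per entry; the first matching entry wins."""
    hits = Counter({e.text: 0 for e in acl})
    hits["no match"] = 0
    for p in packets:
        for e in acl:
            if e.matches(p):
                hits[e.text] += 1
                break
        else:
            hits["no match"] += 1
    return dict(hits)

def smtp_flow(client_port, to_server, to_client):
    """Constructed flow; the per-direction packet counts are sample values."""
    return ([Packet(client_port, 25)] * to_server
            + [Packet(25, client_port)] * to_client)

# Constructed sample: one mail delivery (more packets towards port 25 than
# back from it) plus ten unrelated packets to port 80.
SAMPLE = smtp_flow(40312, to_server=120, to_client=65) + [Packet(40313, 80)] * 10

if __name__ == "__main__":
    for rule, n in hit_counts(ACL_119, SAMPLE).items():
        print(f"{n:5d}  {rule}")
```

With only the first entry in the list, the 65 reply packets sourced from port 25 end up under "no match", which is the case the reply above describes.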