I'm having trouble configuring access lists. I'm trying to restrict access to a machine to only port 21015.
Here are my access-list lines:
access-list lock_down permit icmp 10.10.10.0 255.255.255.0 host 172.16.1.100
access-list lock_down permit tcp 10.10.10.0 255.255.255.0 host 172.16.1.100 eq 21015
access-group lock_down in interface inside
Am I right in thinking that this should limit access on the inside interface to port 21015 for the host 172.16.1.100? If I telnet to another port, for example, 24079, and run a capture on the inside interface, I see the line "172.16.1.100.24079 > 10.10.10.138.1269". Does this indicate that a packet has been returned from 172.16.1.100? If so, how is this possible with the access-list in place?
If a packet is denied access because of an access-list is there anything specific in the capture or elsewhere that would tell me?
Any help would be much appreciated,
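Added example, not part of the original post or of any Cisco code: a small Python model of how an ASA-style inbound access list is evaluated, using the two lines from the question. It assumes "rq" was meant as the keyword "eq", spaces "host 172.16.1.100" correctly, models only the ACL bound inbound on "inside", and uses constructed packets for the two telnet attempts (ports 24079 and 21015) and their would-be replies. It shows first-match-wins ordering, the implicit deny at the end, and that the ACL is consulted only for the first packet of a new connection, with later packets in either direction passed by the connection table.

```python
import ipaddress

# Constructed copy of the access list from the question, with "host172.16.1.100"
# spaced correctly and "rq" read as the ASA keyword "eq" (an assumption).
ACL_CONFIG = """
access-list lock_down permit icmp 10.10.10.0 255.255.255.0 host 172.16.1.100
access-list lock_down permit tcp 10.10.10.0 255.255.255.0 host 172.16.1.100 eq 21015
"""


def _parse_addr(tokens, i):
    """Read 'any', 'host A.B.C.D' or 'A.B.C.D MASK' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(tokens[i] + "/" + tokens[i + 1], strict=False), i + 2


def parse_acl(text, name):
    """Collect the ACEs of one named ACL in configuration order (order matters)."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[1] != name:
            continue
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        # Only a destination-port operator after the destination address is modelled here.
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        entries.append({"action": t[2], "proto": t[3], "src": src, "dst": dst, "dport": dport})
    return entries


def evaluate(entries, proto, src_ip, dst_ip, dport=None):
    """First matching ACE wins; with no match the implicit deny at the end applies."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, e in enumerate(entries, 1):
        if e["proto"] not in (proto, "ip"):
            continue
        if src not in e["src"] or dst not in e["dst"]:
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"], n
    return "deny", None


def trace_flow(entries, packets):
    """Stateful model: the inbound ACL on 'inside' is consulted only for the first
    packet of a new connection; later packets in either direction are passed by
    the connection table. Returns one verdict string per packet."""
    conns = set()
    verdicts = []
    for p in packets:
        fwd = (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])
        if fwd in conns or rev in conns:
            verdicts.append("permit:conn")          # existing connection, ACL not consulted
        elif p["iface"] != "inside":
            verdicts.append("deny:no-conn")         # no inbound ACL modelled on other interfaces
        else:
            action, n = evaluate(entries, p["proto"], p["src"], p["dst"], p["dport"])
            if action == "permit":
                conns.add(fwd)                      # connection created on the first permitted packet
                verdicts.append(f"permit:ace{n}")
            else:
                verdicts.append("deny:implicit")    # dropped; no connection is created
    return verdicts


# Constructed packets: the two telnet attempts from the question and their would-be replies.
SAMPLE_PACKETS = [
    {"iface": "inside", "proto": "tcp", "src": "10.10.10.138", "sport": 1269, "dst": "172.16.1.100", "dport": 24079},
    {"iface": "inside", "proto": "tcp", "src": "10.10.10.138", "sport": 1270, "dst": "172.16.1.100", "dport": 21015},
    {"iface": "outside", "proto": "tcp", "src": "172.16.1.100", "sport": 21015, "dst": "10.10.10.138", "dport": 1270},
    {"iface": "outside", "proto": "tcp", "src": "172.16.1.100", "sport": 24079, "dst": "10.10.10.138", "dport": 1269},
]

if __name__ == "__main__":
    acl = parse_acl(ACL_CONFIG, "lock_down")
    for p, v in zip(SAMPLE_PACKETS, trace_flow(acl, SAMPLE_PACKETS)):
        print(f"{p['iface']:8} {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}: {v}")
```

In this model the attempt to port 24079 is dropped by the implicit deny and creates no connection, so a reply for that flow would have nothing in the connection table to match; the attempt to 21015 is permitted by the second ACE and its reply is passed without the ACL being consulted again. On a real ASA, a first packet denied by an interface ACL is reported in syslog (message 106023, "Deny ... by access-group") and in the hit counts of `show access-list`, which is a more reliable indicator than the packet capture alone.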