Verifying the Policy of No Telnet

Let’s run a second test to see whether Telnet is denied (which it should be because of our ACL rule). In Packet Tracer, we input the details the same as before but change the port to 23, which is the well-known destination port for Telnet, and run the test. Figure 16-20 shows the results.

Figure 16-20 Verifying the ACL Is Preventing Telnet Through the ASA

This time we see that the initial route lookup took place, but when the ACL was checked, it failed and told us the result. The nice part of this is that it can assist in isolating not only that it did not work, but also the exact component (the reason) that caused it to fail.