ACL's on Cisco routers (2600's) ...

I am having a little trouble with the access control lists on Cisco 2600 series routers.
I have a basic understanding of them and how they operate, but when it comes to setting up an extended ACL I seem to have trouble with the keywords HOST and ANY.
Not sure when to use them and sometimes the ANY keyword is used twice in succession.
eg. access-list 110 deny tcp 192.168.12.0 0.255.255.255 192.168.13.0 0.255.255.255
access-list 110 permit ip any any
also tcp was used in the deny ACL and ip used in the permit ACL
A little confusing.
.
In some cases only a single ANY is used.
I would appreciate some assistance here, thank you.
(The above ACL is an actual ACL)

I’ll answer your simple question first. The reason why there are two any any is because on an Extended ACL you need both a source and a destination. However if you were using a Simple ACL you would only need to specify one ANY since Simple ACLs only require a source address.

I can also see a problem in your ACL
[code:1]access-list 110 deny tcp 192.168.12.0 0.255.255.255 192.168.13.0 0.255.255.255 <-- Look at the wildcards[/code:1]

What that line is doing is stopping all TCP traffic from network 192.0.0.0 reaching any other 192.0.0.0 network. To make it work the way I think you intended it to be you would need to have your wildcards set to 0.0.0.255. This makes sure that the first 3 octets of the addressed are checked. *Remember that a 0 in a wildcard means check the bit and a 1 means don’t check the bit.

To sum up your ACL would look like this:

[code:1]access-list 110 deny tcp 192.168.12.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 110 permit ip any any
[/code:1]

Don't forget to apply the ACL to an interface