03-25-2007 08:19 AM - edited 03-03-2019 04:17 PM
Hi expert,
What is the purpose of adding established in the access list?
access-list 101 permit tcp any eq telnet host 192.168.1.1
access-list 101 permit tcp any eq telnet host 192.168.1.1 established
03-25-2007 08:42 AM
This is to permit any packets returning to a host from already established connections, when the datagram has the acknowledge (ACK) or reset (RST) bits set (indicating an established TCP session).
03-25-2007 08:45 AM
Sorry, can you explain more? I still do not understand.
03-25-2007 08:46 AM
Hi
The established keyword allows tcp traffic to pass if there is an ACK or RST flag in the packet. If there isn't then the packet will not match that line and will be checked against the rest of the access-list if there are any more entries.
Put simply, by using the established keyword you are making sure that the connection has already been initiated and that you are allowing traffic that is part of an already established connection.
What your access-list line says is: only allow traffic with a source port of 23 to go through to the host 192.168.1.1 if the host 192.168.1.1 has already initiated the connection.
HTH
Jon
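The per-packet check described in the answer above, as an added Python model that is not part of the thread and is not Cisco code. The `Packet`, `Entry` and `evaluate` names and the sample packets are constructed for this illustration; it compares the two lines from the question against the segments of a telnet session.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits

@dataclass(frozen=True)
class Packet:  # constructed sample packets, not captured traffic
    src_port: int
    dst_ip: str
    flags: int

@dataclass(frozen=True)
class Entry:
    """Models: access-list 101 permit tcp any eq <src_port> host <dst_ip> [established]"""
    src_port: int
    dst_ip: str
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if p.src_port != self.src_port or p.dst_ip != self.dst_ip:
            return False
        # 'established' is a test on this packet's flags only (ACK or RST set);
        # the ACL keeps no table of sessions, so it is not stateful inspection.
        return not self.established or bool(p.flags & (ACK | RST))

def evaluate(acl, p: Packet) -> str:
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for entry in acl:
        if entry.matches(p):
            return "permit"
    return "deny"

HOST = "192.168.1.1"
WITHOUT = [Entry(23, HOST)]                  # first line from the question
WITH = [Entry(23, HOST, established=True)]   # second line from the question

SAMPLES = {
    "SYN-ACK answering the host's own SYN": Packet(23, HOST, SYN | ACK),
    "ACK segment mid-session": Packet(23, HOST, ACK),
    "RST from the telnet server": Packet(23, HOST, RST),
    "SYN only: new connection toward the host": Packet(23, HOST, SYN),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:42} without={evaluate(WITHOUT, pkt):6} "
              f"with={evaluate(WITH, pkt)}")
```

Only the last sample differs between the two lines: without the keyword the inbound SYN is permitted, with it the SYN falls through to the implicit deny.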