ACL Query

Answered Question
Jun 25th, 2007

Hi Guys,

What is the use of the ACL below?

access-list 110 permit tcp any any gt 1023 established

Thanks

Amolak

Correct Answer by Pavel Bykov about 9 years 8 months ago

It also depends on whether you're applying the ACL to INSIDE or OUTSIDE.

The line itself means what Narayan says.

ONLY allow TCP packets from ANY port to a port GREATER THAN 1023, but only if the session was already ESTABLISHED from the other side.

I.e.: if the ACL were

access-list 110 permit tcp host 1.1.1.1 host 2.2.2.2 gt 1023 established

the ACL would allow TCP packets from host 1.1.1.1 and any TCP source port to host 2.2.2.2 at destination ports greater than 102.

But only AFTER host 2.2.2.2 has established a connection to host 1.1.1.1.

Correct Answer by royalblues about 9 years 8 months ago

Amolak,

The access-list will allow all TCP connections having port number greater than 1023.

The established keyword would block all the incoming traffic except for the established connections that are initiated from your inside network, i.e. allowing only the replies for the connections you had initiated on ports greater than 1023.

HTH, rate if it does

Narayan
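As an added illustration of the two answers above (example code, not from the thread or from Cisco): a small stateless model of how IOS evaluates the questioner's ACL line. In IOS, "established" matches TCP segments with the ACK or RST bit set, which is why a fresh SYN from outside is dropped while the reply segments of a session opened from inside are permitted. The sample packets, addresses and port numbers are constructed for the demonstration.

```python
# Added example: stateless model of
#   access-list 110 permit tcp any any gt 1023 established
# followed by the implicit "deny any" that ends every IOS ACL.
# IOS 'established' = ACK or RST flag set, so a first SYN never matches.
from dataclasses import dataclass, field

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    flags: set = field(default_factory=set)  # e.g. {"SYN"}, {"ACK"}

def matches_established(pkt: Packet) -> bool:
    """IOS 'established': true when the ACK or RST flag is set."""
    return bool(pkt.flags & {"ACK", "RST"})

def ace_110_permits(pkt: Packet) -> bool:
    """The single ACE: permit tcp any any gt 1023 established."""
    return (pkt.proto == "tcp"           # protocol tcp
            and pkt.dport > 1023         # 'gt 1023' applies to the destination port
            and matches_established(pkt))

def acl_110(pkt: Packet) -> str:
    """Evaluate ACL 110: the one ACE, then the implicit deny."""
    return "permit" if ace_110_permits(pkt) else "deny"

# Constructed sample traffic, as seen inbound on the OUTSIDE interface.
SAMPLES = {
    # Inside client 10.0.0.5 opened a web session; the server's reply
    # segments return to the client's high port with ACK set -> permitted.
    "web_reply": Packet("tcp", "203.0.113.10", "10.0.0.5", 80, 51234, {"ACK"}),
    # Outside host tries to open a new connection to an inside port -> denied.
    "new_syn":   Packet("tcp", "203.0.113.10", "10.0.0.5", 40000, 8080, {"SYN"}),
    # A reply to an inside port <= 1023 is not covered by 'gt 1023' -> denied.
    "reply_low": Packet("tcp", "203.0.113.10", "10.0.0.5", 4000, 22, {"ACK"}),
    # UDP is never matched by a 'permit tcp' line -> denied.
    "udp_dns":   Packet("udp", "203.0.113.53", "10.0.0.5", 53, 40001),
}

def evaluate_samples() -> dict:
    """Return the ACL verdict for every constructed sample packet."""
    return {name: acl_110(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:10s} -> {verdict}")
```

Because the match is on flag bits rather than on a connection table, it is a weaker check than a stateful inspection feature; the model shows only what the ACL line itself decides.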

