Default timeout "permit tcp any any established"

Unanswered Question
Mar 9th, 2010

Dear All,

First I want to know the default timeout of the following acl command:

permit tcp any any established

Actually, one of our server sessions times out after every 1 min.

Secondly, I have applied the access-list only on the outgoing interface (in direction). When I apply the following access-list entry above the established ACL, I do not get any hit counts:

permit tcp any 1556 host 10.1.1.10 (for the reverse traffic)

But I do find hit counts on the established ACL. Why?

Regards,

Anser

milan.kulik Thu, 03/11/2010 - 04:18

Hi,

there's no timeout in the established ACL.

It's just checking the ACK/RST bit in the packet header.

See http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#internalnetworks

I'm not sure if I understand your second question. The ACL entry syntax is wrong.

What are you trying to achieve?

Detecting traffic from any host (source port 1556) to your host 10.1.1.10?

permit tcp any eq 1556 host 10.1.1.10

would be the correct syntax then.

HTH,

Milan

Muhammad Anser Khan Thu, 03/11/2010 - 12:21

Actually, when I give the established command, the other command for the TCP session does not get any hits. I only find hits on the established command, even when I put the specific TCP command above the established command. Why?

Regards,

Anser

milan.kulik Thu, 03/11/2010 - 22:05

Possibly the hosts sending data are not using source port 1556?

Why don't you try

permit tcp any host 10.1.1.10 log

to see some hits?

HTH,

Milan
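The matching behaviour Milan describes in both of his replies, as an added example that is not part of the original thread and not Cisco IOS code: a small Python simulator of first-match extended-ACL evaluation. It treats `established` the way IOS does, as a test of the ACK or RST bit on each packet with no connection table behind it (which is why there is nothing in it to time out), rejects the original entry `permit tcp any 1556 host 10.1.1.10` as a syntax error, and shows why return traffic whose source port is not 1556 skips the `eq 1556` entry and lands on the `established` entry. The ACE grammar handled is a deliberately reduced subset of IOS syntax, and the addresses, ports and flag combinations are constructed for the example.

```python
"""Simulates first-match evaluation of a few Cisco IOS extended ACL entries.

Hypothetical reduced grammar (a subset of real IOS syntax), assumed for this example:
  permit|deny tcp SRC [eq PORT] DST [eq PORT] [established] [log]
where SRC and DST are 'any' or 'host A.B.C.D'.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: Set[str]  # TCP flags present, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


@dataclass
class Ace:
    text: str
    action: str
    src: str                # "any" or a host address
    sport: Optional[int]    # None when no 'eq' clause was given
    dst: str
    dport: Optional[int]
    established: bool
    log: bool
    hits: int = 0

    def matches(self, p: Packet) -> bool:
        if self.src != "any" and self.src != p.src:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # 'established' is stateless: it only checks for the ACK or RST bit.
        # There is no session table, so there is also no idle timeout.
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True


def parse_ace(line: str) -> Ace:
    """Parse one ACE; raise ValueError on anything outside the reduced grammar."""
    toks = line.split()
    if len(toks) < 4 or toks[0] not in ("permit", "deny") or toks[1] != "tcp":
        raise ValueError(f"unsupported entry: {line!r}")

    def addr(i: int) -> Tuple[str, int]:
        if toks[i] == "any":
            return "any", i + 1
        if toks[i] == "host" and i + 1 < len(toks):
            return toks[i + 1], i + 2
        # e.g. a bare port number where an address keyword is required
        raise ValueError(f"bad address token {toks[i]!r} in {line!r}")

    def port(i: int) -> Tuple[Optional[int], int]:
        if i + 1 < len(toks) and toks[i] == "eq":
            return int(toks[i + 1]), i + 2
        return None, i

    src, i = addr(2)
    sport, i = port(i)
    dst, i = addr(i)
    dport, i = port(i)
    established = log = False
    if i < len(toks) and toks[i] == "established":
        established, i = True, i + 1
    if i < len(toks) and toks[i] == "log":
        log, i = True, i + 1
    if i != len(toks):
        raise ValueError(f"trailing tokens {toks[i:]!r} in {line!r}")
    return Ace(line, toks[0], src, sport, dst, dport, established, log)


def check_syntax(line: str) -> bool:
    try:
        parse_ace(line)
        return True
    except ValueError:
        return False


def evaluate(acl: List[Ace], p: Packet) -> str:
    """First match wins and takes the hit count; implicit deny at the end, as in IOS."""
    for ace in acl:
        if ace.matches(p):
            ace.hits += 1
            return ace.action
    return "deny"


# The corrected ACL from the thread, specific entry above the established one.
ACL_TEXT = [
    "permit tcp any eq 1556 host 10.1.1.10",
    "permit tcp any any established",
]

# Constructed sample packets (not from the thread); 192.0.2.5 is a documentation address.
SAMPLE_PACKETS = [
    # remote host replying FROM source port 1556: first entry matches, established gets no hit
    Packet("192.0.2.5", 1556, "10.1.1.10", 40000, {"ACK"}),
    # remote host talking TO port 1556 on the server: source port is ephemeral,
    # so the 'eq 1556' entry is skipped and only 'established' can match
    Packet("192.0.2.5", 49152, "10.1.1.10", 1556, {"ACK"}),
    # a fresh SYN carries neither ACK nor RST: nothing matches, implicit deny
    Packet("192.0.2.5", 49152, "10.1.1.10", 1556, {"SYN"}),
    # RST alone satisfies 'established' (bit test, not a state lookup)
    Packet("192.0.2.5", 50000, "10.1.1.10", 40000, {"RST"}),
]


def run_scenario() -> Tuple[List[str], List[int]]:
    """Return (decision per sample packet, hit count per ACE)."""
    acl = [parse_ace(line) for line in ACL_TEXT]
    decisions = [evaluate(acl, p) for p in SAMPLE_PACKETS]
    return decisions, [ace.hits for ace in acl]


if __name__ == "__main__":
    print("original entry parses:", check_syntax("permit tcp any 1556 host 10.1.1.10"))
    print("corrected entry parses:", check_syntax("permit tcp any eq 1556 host 10.1.1.10"))
    decisions, hits = run_scenario()
    for line, n in zip(ACL_TEXT, hits):
        print(f"{n:3d} hits  {line}")
    print("decisions:", decisions)
```

Because `established` is only a flag test, any packet with ACK or RST set passes it whether or not a session exists, which is what makes it spoofable and also why it has no timeout to tune; if the server session really is being dropped after a minute, the cause is elsewhere (a stateful feature such as CBAC or a zone-based firewall, a NAT table, or the server itself), not this ACE.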
