I have configured an acl to control traffic going in/out of an interface via tcp ports. However, after applying the acl to the interface, i find that eventhough ports are allowed, traffic is blocked by the acl.
I suspected that it could be the initial tcp handshake (SYN, SYNACK, ACK etc) is not being allowed (due to the implicit deny). When i included that in the acl, it worked. Is this a necessary step in an acl that controls by tcp port?
Reason is, some of the acl configured with tcp port control has not been configured to allow SYN, ACK etc but it works when some of these ACLs are applied to other interface.