Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
77740
Views
16
Helpful
1
Comments

How to configure ACLs to permit only established connections and deny all traffic sourced from the external network

TCC_2
Level 10
Level 10

‎06-18-2009 03:49 PM - edited ‎03-01-2019 03:39 PM

Core Issue

The established keyword indicates that packets belong to an existing connection if the Transmission Control Protocol (TCP) datagram has the Acknowledgment (ACK) or Reset (RST) bit set.

Resolution

To resolve this issue, perform these steps:

  1. Permit all established connections through the Access Control List (ACL) by using the established keyword.

    This is an example:

    access-list 100 permit tcp any any established

    For more information, refer to the Allow Only Internal Networks to Initiate a TCP Session section of Configuring Commonly Used IP ACLs.

    2. Ensure that Domain Name System (DNS) traffic (User Datagram Protocol [UDP] port 53) is permitted through the ACL.

       Otherwise, users will not be able to browse the Internet by domain name.

Labels:
Comments
Rafaello
Level 1
Level 1
‎01-18-2018 01:27 AM

Useful for just quick memory refresh how it works.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents