Cisco Support Community
New Member

Issues connecting through ACL

I have a question about ACLs. I have a 3750 switch doing basic layer three routing and ACLing connections into my network from there on a port-by-port basis. Now it has become time that I need to connect to a server on the remote network. Let's just say I send a request to them to access port 21; they will respond on a port that will be unknown to me and the ACL would block it. What would be the best practice for this?

Thank you

1 REPLY
Hall of Fame Super Blue

Re: Issues connecting through ACL

You can either -

1) use the "established" keyword for the return traffic which works for TCP

2) use reflexive access-lists which support TCP/UDP/ICMP

3) use a stateful firewall which will automatically allow return traffic

4) write a rule in your inbound ACL for the traffic, e.g.

access-list 101 permit tcp any eq 21 any

Jon
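The options above as a worked IOS configuration. This is an added example, not config from Jon's reply or from the original poster. The addresses, ACL names and interface are assumed for illustration: inside network 10.10.0.0/16, remote FTP server 192.0.2.10, and GigabitEthernet1/0/1 as the routed port toward the remote network. Before using it, check the platform's ACL documentation: reflexive ACLs are a router feature and are not supported in the Catalyst 3750 hardware ACLs, so option 2 would have to run on a router in the path.

```cisco
! Assumed topology (constructed for this example, not from the thread):
!   inside network 10.10.0.0/16, remote FTP server 192.0.2.10,
!   Gi1/0/1 is the routed port toward the remote network.
!
! Option 1: the "established" keyword (TCP only).
! Matches any TCP packet with ACK or RST set, i.e. everything except the
! opening SYN. Inbound connection attempts are dropped, replies to sessions
! we started get through. Caveat: this is not stateful; any outside packet
! with ACK set (an ACK scan, for instance) also matches.
ip access-list extended FROM-REMOTE-EST
 permit tcp any 10.10.0.0 0.0.255.255 established
 deny   ip any any log
!
! Option 2: reflexive ACL (TCP, UDP and ICMP).
! Outbound packets that hit a "reflect" entry create a temporary mirrored
! entry (addresses and ports swapped) in RETURN-TRAFFIC; the inbound ACL
! "evaluate"s that list. The entry is removed on TCP FIN/RST or when the
! timeout expires. The evaluate line must come before the final deny.
ip access-list extended TO-REMOTE
 permit tcp  10.10.0.0 0.0.255.255 any reflect RETURN-TRAFFIC timeout 300
 permit udp  10.10.0.0 0.0.255.255 any reflect RETURN-TRAFFIC timeout 60
 permit icmp 10.10.0.0 0.0.255.255 any reflect RETURN-TRAFFIC timeout 30
ip access-list extended FROM-REMOTE-REFLEX
 evaluate RETURN-TRAFFIC
 deny   ip any any log
!
! Option 4: a static rule for replies from the server's port 21.
! Caveat for FTP specifically: this only covers the control channel.
! Active-mode data connections are opened by the server from port 20 toward
! a client port, and passive mode uses a negotiated high port on the server,
! so a reflexive ACL or a stateful firewall (option 3) fits FTP far better.
ip access-list extended FROM-REMOTE-STATIC
 permit tcp host 192.0.2.10 eq 21 10.10.0.0 0.0.255.255
 deny   ip any any log
!
! Apply one pair on the external interface. Shown here with the reflexive
! variant; swap FROM-REMOTE-REFLEX for FROM-REMOTE-EST or FROM-REMOTE-STATIC
! (and drop the "out" list) to use option 1 or 4 instead.
interface GigabitEthernet1/0/1
 ip access-group TO-REMOTE out
 ip access-group FROM-REMOTE-REFLEX in
```

To confirm the reflexive list is doing its job, start an outbound session and run `show access-lists RETURN-TRAFFIC`; the dynamically created entry should appear with the remote host and port as the source and your inside host and ephemeral port as the destination, then disappear after the session closes or the timeout lapses. The `log` keyword on the final deny is what tells you which return traffic each option is still blocking.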
