How to configure ACLs to permit only established connections and deny all traffic sourced from the external network

Core Issue

The established keyword causes an ACL entry to treat a packet as part of an existing connection if the Transmission Control Protocol (TCP) datagram has the Acknowledgment (ACK) or Reset (RST) bit set.

Resolution

To resolve this issue, perform these steps:

  1. Permit all established connections through the Access Control List (ACL) by using the established keyword.

     This is an example:

     access-list 100 permit tcp any any established

     For more information, refer to the Allow Only Internal Networks to Initiate a TCP Session section of Configuring Commonly Used IP ACLs.

  2. Ensure that Domain Name System (DNS) traffic (User Datagram Protocol [UDP] port 53) is permitted through the ACL.

     Otherwise, users will not be able to browse the Internet by domain name.
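As an added example (not from the original article or Cisco's own code), the following Python evaluator mimics how the inbound ACL described in the two steps above classifies packets, and shows that the established keyword is a stateless check of the ACK/RST bits rather than a lookup of a real session. It assumes the ACL is applied inbound on the external interface, so DNS replies arrive with UDP source port 53; the rule list and packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits


@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    flags: int = 0      # TCP flags; ignored for UDP


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    sport: Optional[int] = None  # None means "any"
    dport: Optional[int] = None
    established: bool = False


# Constructed ACL mirroring the article, applied inbound on the external interface
# (assumption): return traffic of internally initiated TCP sessions, DNS replies
# from port 53, and the implicit deny that ends every Cisco ACL.
ACL_100 = [
    Rule("permit", "tcp", established=True),  # access-list 100 permit tcp any any established
    Rule("permit", "udp", sport=53),          # access-list 100 permit udp any eq 53 any
    Rule("deny", "ip"),                       # implicit deny ip any any
]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    # `established` is stateless: it only tests whether ACK or RST is set,
    # so a bare SYN (new inbound connection attempt) does not match.
    if rule.established and not pkt.flags & (ACK | RST):
        return False
    return True


def evaluate(acl, pkt: Packet) -> str:
    """Return the action of the first matching rule (first match wins)."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"  # implicit deny if no entry matches
```

The last assertion in the test below illustrates the caveat: an inbound packet with only ACK set matches the established entry even though no session exists, which is why stateful inspection (reflexive ACLs or a firewall) is preferred where that matters.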
