Cisco Support Community

New Member

access-list

Hi,

I want to know how to use "established" parameter in access-list.

If I create inbound access-list, for ex.-

access-list 101 permit tcp host 10.1.1.1 eq 23 host 10.2.2.2 established

Then in outbound access-list do I have to include

access-list 101 permit tcp host 10.2.2.2 host 10.1.1.1 eq 23

Thanks

3 REPLIES
Bronze

Re: access-list

Yes -- if you have both an inbound and outbound ACL on the interface, you need to allow the TELNET traffic through on both of them.

Silver

Re: access-list

It all depends what you are trying to do.

What your first command will do is:

If a telnet connection is made from internal 10.2.2.2 to outside host 10.1.1.1, it will allow returning telnet packets. If you do not use the second statement, you will still be able to telnet to 10.1.1.1 from the 10.2.2.2 machine. Note that 10.1.1.1 will not be able to initiate a telnet connection to your 10.2.2.2.

If you use the second statement, you are ONLY permitting internal host 10.2.2.2 to telnet to 10.1.1.1. All other outbound packets will be denied.

Thanks.

New Member

Re: access-list

If the outbound access list denies telnet to 10.1.1.1 then you have to include your second statement on the outbound access list.

thanx
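
An added example, not written by any poster in this thread: a small Python model of how the two entries from the question evaluate packets, showing that `established` is a stateless test on the TCP ACK/RST bits. The class and function names, the ephemeral ports and the sample packets are constructed for illustration, and the two entries are assumed to sit in separate inbound and outbound lists.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class Ace:  # one access-list entry (hypothetical model, host-to-host only)
    action: str
    src: str
    dst: str
    sport: Optional[int] = None  # None means "any port"
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        ports_ok = self.sport in (None, p.sport) and self.dport in (None, p.dport)
        if (p.src, p.dst) != (self.src, self.dst) or not ports_ok:
            return False
        # "established" keeps no session state: it only requires ACK or RST.
        return not self.established or bool(p.flags & {"ACK", "RST"})

def evaluate(acl, p):
    for ace in acl:  # first match wins
        if ace.matches(p):
            return ace.action
    return "deny"  # implicit deny at the end of every ACL

# permit tcp host 10.1.1.1 eq 23 host 10.2.2.2 established
INBOUND = [Ace("permit", "10.1.1.1", "10.2.2.2", sport=23, established=True)]
# permit tcp host 10.2.2.2 host 10.1.1.1 eq 23
OUTBOUND = [Ace("permit", "10.2.2.2", "10.1.1.1", dport=23)]

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

# Constructed sample packets
CLIENT_SYN = pkt("10.2.2.2", 40000, "10.1.1.1", 23, "SYN")           # session start
SERVER_SYNACK = pkt("10.1.1.1", 23, "10.2.2.2", 40000, "SYN", "ACK")  # reply
SERVER_SYN = pkt("10.1.1.1", 23, "10.2.2.2", 40000, "SYN")            # new session
UNSOLICITED_ACK = pkt("10.1.1.1", 23, "10.2.2.2", 40001, "ACK")       # no prior SYN
```

The last packet is permitted even though no session exists, which is why `established` is a coarse filter rather than stateful inspection.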
