Cisco Support Community

New Member

about reflexive access-list

Hi,

I'd like to restrict TCP traffic on one simple IOS router.

I think that if I use a reflexive ACL, or two symmetrical standard ACLs with the established keyword on one side, it is the same thing... Is that correct?

The reflexive ACL doesn't provide stateful inspection but only creates a symmetrical ACL without understanding the traffic?

Thanks,

Graz.

2 REPLIES
Cisco Employee

Re: about reflexive access-list

A reflexive ACL is a little better than just simply putting the TCP established keyword on a normal ACL. For one thing, reflexive ACLs handle UDP traffic, whereas the "established" keyword is only for TCP.

You're correct though, it doesn't actually keep track of sessions or anything like that, it just looks at outgoing traffic and allows it to come back in for a short period. Certainly better than nothing though.
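The two approaches compared in this reply, side by side as an IOS configuration sketch. This is an added example, not part of the original post; the interface name, ACL names and timeout values are assumptions.

```cisco
! Constructed example: interface name, ACL names and timeouts are assumptions.
!
! Option A: "established" keyword (TCP only).
! The inbound ACL is static: it matches any TCP segment that has the ACK or
! RST bit set, with no record of what actually left the router. UDP replies
! are not covered and fall through to the deny.
ip access-list extended INBOUND-ESTABLISHED
 permit tcp any any established
 deny   ip any any log
!
! Option B: reflexive ACL (extended named IP ACLs only).
! Each outbound packet matching a "reflect" line creates a temporary entry
! with source/destination addresses and ports swapped. The inbound ACL
! pulls those entries in with "evaluate"; everything else is denied.
ip access-list extended OUTBOUND-REFLECT
 permit tcp any any reflect RETURN-TRAFFIC
 permit udp any any reflect RETURN-TRAFFIC timeout 30
!
ip access-list extended INBOUND-REFLECT
 evaluate RETURN-TRAFFIC
 deny   ip any any log
!
! Idle lifetime (seconds) for temporary entries whose "reflect" line sets
! no timeout of its own. UDP has no session end, so it relies on a timer.
ip reflexive-list timeout 120
!
! Apply Option B on the outside interface. To use Option A instead, apply
! INBOUND-ESTABLISHED inbound and drop the outbound ACL.
interface Serial0/0
 description Outside link (assumed name)
 ip access-group OUTBOUND-REFLECT out
 ip access-group INBOUND-REFLECT in
```

While flows are active, `show ip access-lists` lists the temporary entries under RETURN-TRAFFIC, which is a quick way to confirm that return traffic is being admitted by a reflected entry rather than a static permit.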

New Member

Re: about reflexive access-list

Thanks a lot,

Bye

Graz.
