Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
422
Views
0
Helpful
2
Replies

about reflexive access-list

g.rodegari
Level 1
Level 1

‎12-11-2002 12:36 AM - edited ‎02-20-2020 09:19 PM

Hi,

I'd like to restrict tcp traffic on one simple IOS router.

I think that if I use a refelexive ACL, either two simmetrical standard ACL with the established keyword on one side, is the same thing... It's correct?

The reflexive ACL don't provide stateful inspection but only create a simmetrical ACL without a traffic understanding?

Thanks,

Graz.

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎12-11-2002 05:51 PM

A reflexive ACL is a little better than just simply putting the TCP established keyword on a normal ACL. For one thing, reflexive ACL's handle UDP traffic, whereas the "established" keyword is only for TCP.

You're correct though, it doesn't actually keep track of sessions or anything like that, it just looks at outgoing traffic and allows it to come back in for a short period. Certainly better than nothing though.

0 Helpful

g.rodegari
Level 1
Level 1
In response to gfullage

‎12-12-2002 12:20 AM

Thanks a lot,

Bye

Graz.

0 Helpful
Customers Also Viewed These Support Documents