12-11-2002 12:36 AM - edited 02-20-2020 09:19 PM
Hi,
I'd like to restrict tcp traffic on one simple IOS router.
I think that if I use a reflexive ACL, or two symmetrical standard ACLs with the established keyword on one side, it is the same thing... Is that correct?
Reflexive ACLs don't provide stateful inspection, but only create a symmetrical ACL without any understanding of the traffic?
Thanks,
Graz.
12-11-2002 05:51 PM
A reflexive ACL is a little better than just simply putting the TCP established keyword on a normal ACL. For one thing, reflexive ACLs handle UDP traffic, whereas the "established" keyword is only for TCP.
You're correct though, it doesn't actually keep track of sessions or anything like that, it just looks at outgoing traffic and allows it to come back in for a short period. Certainly better than nothing though.
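The two approaches compared in this thread, sketched as an added IOS configuration example that is not part of the original posts. The ACL names, the interface `Serial0` and the timeout values are assumptions; the two options are alternatives for the same interface, not meant to be applied together.

```cisco
! Added example; ACL names, interface and timeouts are assumptions.
!
! Option A: static filter using the "established" keyword (TCP only).
! Matches inbound TCP segments that have the ACK or RST bit set; no
! per-session entry is created, and UDP replies are not covered.
ip access-list extended IN-ESTABLISHED
 permit tcp any any established
 deny   ip any any
!
interface Serial0
 ip access-group IN-ESTABLISHED in
!
! Option B: reflexive ACL. Outbound TCP and UDP packets create temporary
! mirrored entries in MIRROR; inbound traffic is permitted only if it
! matches one of those entries, and an idle entry expires at its timeout.
ip access-list extended OUT-REFLECT
 permit tcp any any reflect MIRROR timeout 300
 permit udp any any reflect MIRROR timeout 30
!
ip access-list extended IN-REFLECT
 evaluate MIRROR
 deny   ip any any
!
interface Serial0
 ip access-group OUT-REFLECT out
 ip access-group IN-REFLECT in
```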
12-12-2002 12:20 AM
Thanks a lot,
Bye
Graz.