When you write this type of access-list you need to define who should initiate the conversation. With the command that you had to write you are defining that 22.214.171.124 should initiate the conversation and traffic can go to this host from 10.10.10.3 only if the established bit is set (meaning that a connection has been previously established). This being an extended access-list it should be placed as close to the source of the block as possible so you should apply it in on the interface that the 10 network comes in on. A common use for this is to restrict you local network from replying to internet connections (http) unless the established bit is set. (i.e. permit ip any eq 80 any established)
it depends on ur network design. so it depends where u r giving your access list. since it is that u have to use and extended access list, it is always better u keep it near the source. so if u want 126.96.36.199 to talk only tcp to 10.10.10.3, u take 188.8.131.52 as the source and 10.10.10.3 as the destination. so it is always better to keep the access list near the source and therefore
'acl 169 permit tcp host 184.108.40.206 host 10.10.10.3 established' is the correct command and u place the access list neat 220.127.116.11.
'established' is required for the handshake process to take place fully.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :