Cisco Support Community
New Member

"established" command

Hello,

Does the "established" command work only when the connections are created from the inside (high security zone) to the outside (low security zone)?

If I have this situation:

access-list Incoming-Outside permit tcp IP-POOL host SERVER eq 135

static (inside,outside) SERVER SERVER 0 0

an external client from the IP-POOL can initiate an RPC session from the outside to this SERVER.

The server answers from the RPC port to tell some random high port (e.g. 1355).

Now the client initiates the connection to this port, but there isn't an ACL.

Can I use the "established" command instead of putting in an ACL that permits traffic from IP-POOL to gt 1024 ports?

Thanks a lot,

Graz.

3 REPLIES
Cisco Employee

Re: "established" command

Graz,

You could try something like

established tcp 0 135

However, the established keyword only works with connections that are established on the "inside" or higher security interface; it does not account for inbound connections.

You could still see if the PIX will behave similarly to a connection being established from the inside.

Hope that helps

-Bryan

New Member

Re: "established" command

Thanks,

Today I'll try!

Bye,

Graz.

New Member

Re: "established" command

EUREKA !

It works!

Thanks,

Graz.
