New Member

access list

Hi expert,

What is the purpose of adding established in the access list?

access-list 101 permit tcp any eq telnet host 192.168.1.1

access-list 101 permit tcp any eq telnet host 192.168.1.1 established

3 REPLIES

Re: access list

This is to permit any packets returning to a host from already established connections, that is, when the datagram has the acknowledge (ACK) or reset (RST) bits set (indicating an established TCP session).

New Member

Re: access list

Sorry, can you explain more? I still do not understand.

Hall of Fame Super Blue

Re: access list

Hi

The established keyword allows TCP traffic to pass if there is an ACK or RST flag in the packet. If there isn't, then the packet will not match that line and will be checked against the rest of the access-list, if there are any more entries.

Put simply, by using the established keyword you are making sure that the connection has already been initiated and that you are allowing traffic that is part of an already established connection.

What your access-list line says is: only allow traffic with a source port of 23 to go through to the host 192.168.1.1 if the host 192.168.1.1 has already initiated the connection.

HTH

Jon
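
An added example, not part of the original thread: a small Python model of how the two access-list lines in the question treat incoming TCP packets, including the fall-through to the implicit deny when no line matches. The names Packet, Ace and evaluate, and the packet values (10.0.0.5, port 40000), are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# TCP flag bits as they appear in the TCP header
SYN, RST, ACK = 0x02, 0x04, 0x10

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

@dataclass
class Ace:
    """One 'access-list ... tcp' entry; None stands for 'any'."""
    action: str                      # "permit" or "deny"
    src_port: Optional[int] = None   # 'eq <port>' after the source
    dst_host: Optional[str] = None   # 'host <ip>' as destination
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.src_port is not None and p.sport != self.src_port:
            return False
        if self.dst_host is not None and ip_address(p.dst) != ip_address(self.dst_host):
            return False
        # 'established' is a per-packet flag test: ACK or RST must be set.
        if self.established and not (p.flags & (ACK | RST)):
            return False
        return True

def evaluate(acl: list[Ace], p: Packet) -> str:
    """First matching entry wins; no match falls to the implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"

# The two lines from the question (telnet = TCP port 23).
ACL_PLAIN = [Ace("permit", src_port=23, dst_host="192.168.1.1")]
ACL_ESTABLISHED = [Ace("permit", src_port=23, dst_host="192.168.1.1", established=True)]

# Constructed packets arriving for 192.168.1.1 from a remote port 23.
SYN_ONLY = Packet("10.0.0.5", 23, "192.168.1.1", 40000, SYN)       # opens a new connection
SYN_ACK = Packet("10.0.0.5", 23, "192.168.1.1", 40000, SYN | ACK)  # reply to the host's SYN
RESET = Packet("10.0.0.5", 23, "192.168.1.1", 40000, RST)
```

The match is made on the flags of each packet alone; the access list keeps no table of connections.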
