ACL Query

Hi Guys,

What is the use of below ACL.

access-list 110 permit tcp any any gt 1023 established

Thanks

Amolak

Accepted Solutions

Re: ACL Query

Amolak,

The access-list will allow all TCP connections having port number greater than 1023.

The established keyword would block all the incoming traffic except for the established connections that are initiated from your inside network, i.e. allowing only the reply for the connections you had initiated on ports greater than 1023.

HTH, rate if it does

Narayan


Re: ACL Query

It also depends if you're applying ACL to INSIDE or OUTSIDE.

The line itself means as Narayan says.

ONLY allow TCP packets from ANY port to a port GREATER THAN 1023, but only if the session was already ESTABLISHED from the other side.

I.E.: If ACL would be

access-list 110 permit tcp host 1.1.1.1 host 2.2.2.2 gt 1023 established

ACL would allow TCP packets from host 1.1.1.1 and any TCP source port to host 2.2.2.2 at destination ports greater than 102.

But only AFTER host 2.2.2.2 has established a connection to host 1.1.1.1
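Added example (my own Python model, not code from the thread or from Cisco): how IOS evaluates the `established` keyword on the ACE discussed above. The keyword matches a TCP segment only when its ACK or RST flag is set, so it is a per-packet flag check rather than a connection table. Addresses and ports in the sample traffic are constructed.

```python
# Added example: a minimal model of
#   access-list 110 permit tcp any any gt 1023 established
# as applied inbound on an outside interface. IOS "established" matches
# when the TCP ACK or RST bit is set; it keeps no state of real sessions.
from dataclasses import dataclass, field


@dataclass
class TcpPacket:
    src: str
    dst: str
    sport: int
    dport: int
    flags: set = field(default_factory=set)  # e.g. {"SYN"}, {"SYN", "ACK"}


def ace_110(pkt: TcpPacket) -> bool:
    """Match logic for the single ACE: any src, any dst, dport > 1023, established."""
    return pkt.dport > 1023 and bool(pkt.flags & {"ACK", "RST"})


def evaluate_acl(pkt: TcpPacket) -> str:
    """ACL 110 has one permit ACE followed by the implicit deny at the end."""
    return "permit" if ace_110(pkt) else "deny"


# Constructed sample traffic: 10.0.0.5 is the inside host, 203.0.113.9 is outside.
SAMPLE = [
    # reply (SYN/ACK) to a connection the inside host opened from port 40000: permitted
    TcpPacket("203.0.113.9", "10.0.0.5", 80, 40000, {"SYN", "ACK"}),
    # new inbound connection attempt from outside (bare SYN): denied, no ACK/RST bit
    TcpPacket("203.0.113.9", "10.0.0.5", 12345, 8080, {"SYN"}),
    # reply to a session whose inside port was 1000: denied by "gt 1023", not by "established"
    TcpPacket("203.0.113.9", "10.0.0.5", 80, 1000, {"ACK"}),
    # ACK-bit segment with no prior session still matches: the keyword checks flags, not state,
    # which is why reflexive ACLs or a stateful firewall are used when real tracking is needed
    TcpPacket("203.0.113.9", "10.0.0.5", 443, 5555, {"ACK"}),
]


def evaluate_all(packets=SAMPLE) -> list:
    return [evaluate_acl(p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate_all()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {sorted(pkt.flags)} => {verdict}")
```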
