
Default timeout "permit tcp any any established"

Dear All,

First, I want to know the default timeout of the following ACL command:

permit tcp any any established

Actually, one of our server sessions times out after every 1 min.

Secondly, I have applied the access-list only on the outgoing interface (in direction). When I apply the following access-list above the established ACL, I do not get any hit counts:

permit tcp any 1556 host 10.1.1.10 (for the reverse traffic)

But I find hit counts on the established ACL. Why?

Regards,

Anser

3 REPLIES

Re: Default timeout "permit tcp any any established"

Hi,

there's no timeout in an established ACL.

It's just checking the ACK/RST bit in the packet header.

See http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#internalnetworks

I'm not sure if I understand your second question. The ACL entry syntax is wrong.

What are you trying to achieve?

Detecting a traffic from any host (source port 1556) to your host 10.1.1.10?

permit tcp any eq 1556 host 10.1.1.10

would be the correct syntax then.

HTH,

Milan

Re: Default timeout "permit tcp any any established"

Actually, when I add the established command, the other command for the TCP session does not get any hits. I only find hits on the established command, even when I put the specific TCP command above the established command. Why?

Regards,

Anser

Re: Default timeout "permit tcp any any established"

Possibly the hosts sending data are not using source port 1556?

Why don't you try

permit tcp any host 10.1.1.10 log

to see some hits?

HTH,

Milan
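An added example, not from the thread or from Cisco, that models the first-match behaviour Milan describes: a small Python ACL evaluator in which `established` is only a check of the ACK/RST bits, run over constructed packets. It shows the port-specific entry receiving hits only when the source port really is 1556, the `established` entry catching reverse traffic from any other port, and a fresh inbound SYN (no ACK/RST bit) falling through to the implicit deny. The addresses and flows are constructed sample data, not the poster's network.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import List, Optional, Tuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: set like {"SYN", "ACK"}
@dataclass
class Ace:
    """One access-list entry; None means 'any' for that field."""
    action: str
    src: Optional[str] = None
    sport: Optional[int] = None      # 'eq <port>' on the source side
    dst: Optional[str] = None
    dport: Optional[int] = None
    established: bool = False        # stateless: ACK or RST bit set

    def matches(self, p: Packet) -> bool:
        for want, have in ((self.src, p.src), (self.sport, p.sport),
                           (self.dst, p.dst), (self.dport, p.dport)):
            if want is not None and want != have:
                return False
        # 'established' keeps no connection table; it only inspects the flags.
        return not self.established or bool(p.flags & {"ACK", "RST"})

def evaluate(acl: List[Ace], p: Packet) -> Tuple[Optional[int], str]:
    """First-match lookup: (index of matching entry, action); implicit deny last."""
    for i, ace in enumerate(acl):
        if ace.matches(p):
            return i, ace.action
    return None, "deny"

def hit_counts(acl: List[Ace], packets: List[Packet]) -> List[int]:
    """Per-entry hit counters, as 'show access-lists' would report them."""
    counts = [0] * len(acl)
    for p in packets:
        i, _ = evaluate(acl, p)
        if i is not None:
            counts[i] += 1
    return counts

# The thread's two entries, in the order the poster placed them:
#   permit tcp any eq 1556 host 10.1.1.10
#   permit tcp any any established
ACL = [Ace("permit", sport=1556, dst="10.1.1.10"), Ace("permit", established=True)]
# Constructed sample traffic (documentation addresses, not the poster's network).
REVERSE_FROM_1556 = [Packet("192.0.2.5", 1556, "10.1.1.10", 51000, {"SYN", "ACK"}),
                     Packet("192.0.2.5", 1556, "10.1.1.10", 51000, {"ACK"})]
REVERSE_FROM_443 = [Packet("192.0.2.7", 443, "10.1.1.10", 51001, {"ACK"}),
                    Packet("192.0.2.7", 443, "10.1.1.10", 51001, {"RST"})]
UNSOLICITED_SYN = Packet("198.51.100.9", 40000, "10.1.1.10", 22, {"SYN"})
```

`hit_counts(ACL, REVERSE_FROM_1556)` gives `[2, 0]` while `hit_counts(ACL, REVERSE_FROM_443)` gives `[0, 2]`, which is the pattern the poster sees when the real sessions do not use source port 1556.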
