return packets

anitachoi3 — Sun, 10 Mar 2019 12:31:32 GMT

Hi Expert,

For the concept of ACL on router, it is required the "established" ACL statement for the return packets which is from the originator. Such as the following example, there is not ACL on outbound traffic but control the inbound traffic only.

! router 2811

interface FE0/1

ip address 192.168.106.1 255.255.255.0

access-group 150 in

access-list 150 permit tcp any eq 443 host 192.168.106.105 gt 1023 established

I am going to config the ASA. Do I apply the similar concept to ASA? If so, which "key word" to represent the return packet?

rdgs

Anita

return packets

rhermes — Fri, 21 Oct 2011 16:26:15 GMT

Anita -

You would be better served by asking your firewall questions in the firewall forum.

Cisco's firewalls perform the "established" function by default on any TCP session that is allowed to be started from the inside interface to an outside interface. You do not have to define the return traffic properties, you only need to allow the traffic to leave (as long as the TCP session is started from the inside).

- Bob

topic return packets in Network Security

return packets

return packets