return packets

anitachoi3
Level 1

Hi Expert,

For the concept of an ACL on a router, the "established" ACL statement is required for the return packets coming back to the originator. In the following example, there is no ACL on outbound traffic; it controls the inbound traffic only.

! router 2811
!
interface FastEthernet0/1
 ip address 192.168.106.1 255.255.255.0
 ip access-group 150 in
!
! Permit only replies from HTTPS servers to high ports on the inside host;
! "established" matches TCP segments with the ACK or RST bit set
access-list 150 permit tcp any eq 443 host 192.168.106.105 gt 1023 established
!

I am going to configure the ASA. Do I apply a similar concept to the ASA? If so, which "keyword" represents the return packets?

Rgds,

Anita

1 Accepted Solution

Accepted Solutions

rhermes
Level 7

Anita -

You would be better served by asking your firewall questions in the firewall forum.

Cisco's firewalls perform the "established" function by default on any TCP session that is allowed to be started from the inside interface to an outside interface. You do not have to define the return traffic properties, you only need to allow the traffic to leave (as long as the TCP session is started from the inside).

- Bob

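The difference Bob describes, as an added example that is not part of the thread: a stateless check equivalent to ACL 150 (the "established" keyword only tests whether the ACK or RST bit is set) next to a simplified model of the ASA's stateful behaviour, which admits return traffic only for a session an inside host actually opened. The outside address 203.0.113.9 and the inside prefix are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    rst: bool = False


def ios_acl_150(pkt: Packet) -> bool:
    """Stateless equivalent of the question's ACL:
    access-list 150 permit tcp any eq 443 host 192.168.106.105 gt 1023 established
    'established' is satisfied by ACK or RST alone; nothing checks that an
    inside host ever started the session."""
    return (pkt.sport == 443 and pkt.dst == "192.168.106.105"
            and pkt.dport > 1023 and (pkt.ack or pkt.rst))


class StatefulFirewall:
    """Simplified model of the ASA behaviour Bob describes: a TCP session may
    only be started from the inside (SYN leaving the inside interface), and a
    packet arriving from outside is admitted only if it belongs to a
    connection recorded in the table. Constructed for illustration."""

    def __init__(self, inside_prefix: str):
        self.inside_prefix = inside_prefix          # e.g. "192.168.106."
        self.conns = set()                          # (in_ip, in_port, out_ip, out_port)

    def _inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def allow(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            if pkt.syn and not pkt.ack:             # new outbound session
                self.conns.add(key)
                return True
            return key in self.conns                # rest of an open session
        # Inbound: permitted only as return traffic of a tracked session
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns
```

Run with an unsolicited ACK-only packet from outside and the stateless ACL permits it while the stateful model drops it; the same packet is admitted once the inside host has sent its SYN.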