Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
80566
Views
17
Helpful
0
Comments

How to configure ACLs to permit only established connections and deny all traffic sourced from the external network

TCC_2
Level 10
Level 10

‎06-18-2009 03:49 PM - edited ‎03-01-2019 03:39 PM

Core Issue

The established keyword indicates that packets belong to an existing connection if the Transmission Control Protocol (TCP) datagram has the Acknowledgment (ACK) or Reset (RST) bit set.

Resolution

To resolve this issue, perform these steps:

  1. Permit all established connections through the Access Control List (ACL) by using the established keyword.

    This is an example:

    access-list 100 permit tcp any any established

    For more information, refer to the Allow Only Internal Networks to Initiate a TCP Session section of Configuring Commonly Used IP ACLs.

    2. Ensure that Domain Name System (DNS) traffic (User Datagram Protocol [UDP] port 53) is permitted through the ACL.

       Otherwise, users will not be able to browse the Internet by domain name.

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card