access-list

nitinnigam
Level 1

Hi,

I want to know how to use the "established" parameter in an access-list.

If I create an inbound access-list, for example:

access-list 101 permit tcp host 10.1.1.1 eq 23 host 10.2.2.2 established

Then in the outbound access-list do I have to include

access-list 101 permit tcp host 10.2.2.2 host 10.1.1.1 eq 23

Thanks

3 Replies

tbaranski
Level 4

Yes -- if you have both an inbound and outbound ACL on the interface, you need to allow the TELNET traffic through on both of them.

rais
Level 7

It all depends what you are trying to do.

What your first command will do is:

If a telnet connection is made from internal 10.2.2.2 to outside host 10.1.1.1, it will allow returning telnet packets. If you do not use the second statement, you will still be able to telnet to 10.1.1.1 from the 10.2.2.2 machine. Note that 10.1.1.1 will not be able to initiate a telnet connection to your 10.2.2.2.

If you use the second statement, you are ONLY permitting internal host 10.2.2.2 to telnet to 10.1.1.1. All other outbound packets will be denied.

Thanks.
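
The matching behaviour described in the reply above, as an added example that is not part of the original post: a small Python model of the inbound entry from the question, using the documented IOS rule that `established` matches a TCP segment only when its ACK or RST bit is set. The class names, the client port 40000 and the sample segments are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# TCP flag bits as laid out in the TCP header
SYN, RST, ACK = 0x02, 0x04, 0x10

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

@dataclass(frozen=True)
class Ace:
    """Model of: permit tcp host SRC [eq SPORT] host DST [eq DPORT] [established]"""
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: bool = False

    def matches(self, s: Segment) -> bool:
        if (s.src, s.dst) != (self.src, self.dst):
            return False
        if self.sport is not None and s.sport != self.sport:
            return False
        if self.dport is not None and s.dport != self.dport:
            return False
        # 'established' is a per-packet flag test; no connection state is consulted.
        if self.established and not s.flags & (ACK | RST):
            return False
        return True

def evaluate(acl: List[Ace], s: Segment) -> str:
    """A matching permit entry allows the segment; otherwise the implicit deny applies."""
    return "permit" if any(a.matches(s) for a in acl) else "deny"

# access-list 101 permit tcp host 10.1.1.1 eq 23 host 10.2.2.2 established
ACL_101 = [Ace(src="10.1.1.1", sport=23, dst="10.2.2.2", established=True)]

# Constructed sample segments arriving inbound from 10.1.1.1
SYN_ACK_REPLY = Segment("10.1.1.1", 23, "10.2.2.2", 40000, SYN | ACK)  # reply to 10.2.2.2's telnet
NEW_SYN_IN = Segment("10.1.1.1", 23, "10.2.2.2", 40000, SYN)           # 10.1.1.1 initiating
BARE_ACK = Segment("10.1.1.1", 23, "10.2.2.2", 40000, ACK)             # ACK with no tracked session

if __name__ == "__main__":
    for name, seg in [("SYN+ACK reply", SYN_ACK_REPLY), ("new SYN", NEW_SYN_IN), ("bare ACK", BARE_ACK)]:
        print(f"{name:14} -> {evaluate(ACL_101, seg)}")
```

The bare ACK case is permitted because the keyword only inspects flags, so the entry filters connection initiation rather than tracking sessions.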

laiki
Level 1

If the outbound access list denies telnet to 10.1.1.1 then you have to include your second statement on the outbound access list.

thanx