Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
10
Helpful
2
Replies

ACL and the Established parameter

linglet
Level 1
Level 1

‎09-09-2002 01:38 PM - edited ‎02-20-2020 09:18 PM

If I create an access list such as:

!

interface FastEthernet0

ip address 192.168.10.1 255.255.255.0

!

interface Serial0

ip unnumbered FastEthernet0

ip access-group 101 in

!

access-list 101 permit tcp any host 192.168.10.10 established

with 192.168.10.1 being the gateway address, when 192.168.10.10 makes a

DNS request to the internet, will I get a response? Does a DNS request constitute an "established connection"?

Labels:
0 Helpful
2 Replies 2

nsteup
Level 1
Level 1

‎09-09-2002 08:21 PM

No, you will get no response. The implicit deny ip any any of your ACL will block the answer of your DNS requests.DNS is UDP Port 53 normally, so your ACL will not match. Try to add following:

access-list 101 permit udp host "DNS-SERVER-IP" eq DOMAIN host 192.168.10.10

Regards Norbert

linglet
Level 1
Level 1
In response to nsteup

‎09-10-2002 07:10 AM

Norbert,

Thanks for your reply.

Tracey

0 Helpful
Customers Also Viewed These Support Documents