Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1472
Views
5
Helpful
2
Replies

ACL and the established parameter

jgadbois
Level 1
Level 1

‎09-09-2002 03:09 PM - edited ‎02-20-2020 09:18 PM

When does a connection become "established"? For instance, if I have an access list which allows any TCP port to come "in" to a serial interface if the connection is established, are there any gotcha's associated with that? I tried an access list like this but could not make any DNS requests (or so it seemed).

access-list 101 permit tcp any host 63.113.103.19 established

!

interface Serial0.1 point-to-point

bandwidth 1536

ip unnumbered FastEthernet0

frame-relay interface-dlci 500 IETF

ip access-group 101 in

Labels:
0 Helpful
2 Replies 2

jshakyan
Cisco Employee
Cisco Employee

‎09-09-2002 10:43 PM

Established statements in ACL have no effect with DNS (UDP 53). Host DNS query uses UDP and not a TCP protocol. Since UDP is a connectionless protocol, in your case the return DNS response UDP packet gets denied by your accelss-list. Established parameter checks and permits/denies incoming TCP packets that have RST or ACK bit set.

You need to have the following line in your ACL:

access-list 101 permit udp host xx.xx.xx.xx eq 53 host 63.113.103.19

where xx.xx.xx.xx is the IP address of DNS server.

jgadbois
Level 1
Level 1
In response to jshakyan

‎09-10-2002 07:13 AM

Thanks for your reply. It's these little things that seem to stump me all the time.

Jim

0 Helpful
Customers Also Viewed These Support Documents