03-09-2010 04:21 AM - edited 03-04-2019 07:45 AM
Dear All,
First, I want to know the default timeout of the following ACL command:
permit tcp any any established
Actually, one of our server sessions times out after every 1 min.
Secondly, I have applied the access-list only on the outgoing interface (in direction). When I apply the following access-list above the established ACL, I do not get any hit counts:
permit tcp any 1556 host 10.1.1.10 (for the reverse traffic)
But I find hit counts on the established ACL. Why?
Regards,
Anser
03-11-2010 04:18 AM
Hi,
There's no timeout in an established ACL.
It's just checking the ACK/RST bit in the packet header.
I'm not sure if I understand your second question. The ACL entry syntax is wrong.
What are you trying to achieve?
Detecting a traffic from any host (source port 1556) to your host 10.1.1.10?
permit tcp any eq 1556 host 10.1.1.10
would be the correct syntax then.
HTH,
Milan
03-11-2010 12:21 PM
Actually, when I give the established command, the other command for the TCP session does not get any hits. I only find hits on the established command, even when I put the specific TCP command above the established command. Why?
Regards,
Anser
03-11-2010 10:05 PM
Possibly the hosts sending data are not using source port 1556?
Why don't you try
permit tcp any host 10.1.1.10 log
to see some hits?
HTH,
Milan
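The first-match behaviour behind Milan's answers, as an added example that is not part of this thread: a small evaluator for a minimal IOS-style extended ACL that applies the two entries from the thread to constructed reply packets, so you can see that the specific entry above `established` only collects hits when the reply traffic really comes from source port 1556, and otherwise every ACK-bearing reply falls through to the `established` entry. The server address 198.51.100.5, the client 203.0.113.9 and the alternative port 8443 are constructed; `Packet`, `Rule`, `evaluate` and `scenario` are assumptions of this example, not IOS features.

```python
"""Added example (not from the thread): first-match evaluator for a minimal
IOS-style extended ACL. Addresses and ports other than 1556 are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False  # TCP ACK flag set
    rst: bool = False  # TCP RST flag set

@dataclass
class Rule:
    text: str                     # the IOS line, used as the hit-count key
    src: str = "any"              # "any" or one host address
    sport: Optional[int] = None   # "eq <port>" on the source; None = any port
    dst: str = "any"
    dport: Optional[int] = None
    established: bool = False     # "established": ACK or RST must be set

    def matches(self, p: Packet) -> bool:
        return (self.src in ("any", p.src) and self.dst in ("any", p.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and (not self.established or p.ack or p.rst))

def evaluate(acl: List[Rule], packets: List[Packet]) -> Dict[str, int]:
    """First match wins, as on IOS; unmatched packets hit the implicit deny."""
    hits = {r.text: 0 for r in acl}
    hits["implicit deny"] = 0
    for p in packets:
        for r in acl:
            if r.matches(p):
                hits[r.text] += 1
                break
        else:
            hits["implicit deny"] += 1
    return hits

def scenario(server_port: int) -> Dict[str, int]:
    """ACL from the thread with the corrected entry placed above 'established'.
    Replies come from the constructed server 198.51.100.5 on server_port."""
    acl = [
        Rule("permit tcp any eq 1556 host 10.1.1.10", sport=1556, dst="10.1.1.10"),
        Rule("permit tcp any any established", established=True),
    ]
    replies = [Packet("198.51.100.5", server_port, "10.1.1.10", 40000 + i, ack=True)
               for i in range(3)]
    new_syn = Packet("203.0.113.9", 51000, "10.1.1.10", 22)  # no ACK/RST: implicit deny
    return evaluate(acl, replies + [new_syn])

if __name__ == "__main__":
    print(scenario(1556))  # replies really from port 1556: the specific entry takes the hits
    print(scenario(8443))  # service actually on another port: only 'established' gets hits
```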