Default timeout "permit tcp any any established"
03-09-2010 04:21 AM - edited 03-04-2019 07:45 AM
Dear All,
First I want to know the default timeout of the following acl command:
permit tcp any any established
Actually, one of our server sessions times out every 1 min.
Secondly, I have applied the access-list only on the outgoing interface (in direction). When I apply the following access-list above the established ACL, I do not get any hit counts:
permit tcp any 1556 host 10.1.1.10 (for the reverse traffic)
But I find hit counts on the established ACL. Why?
Regards,
Anser
Labels: Other Routing
03-11-2010 04:18 AM
Hi,
There's no timeout in an established ACL.
It's just checking the ACK/RST bits in the TCP header.
I'm not sure if I understand your second question. The ACL entry syntax is wrong.
What are you trying to achieve?
Detecting a traffic from any host (source port 1556) to your host 10.1.1.10?
permit tcp any eq 1556 host 10.1.1.10
would be the correct syntax then.
HTH,
Milan
03-11-2010 12:21 PM
Actually, when I add the established entry, the other entries for TCP sessions do not get any hits. I only find hits on the established entry, even when I put the specific TCP entry above the established entry. Why?
Regards,
Anser
03-11-2010 10:05 PM
Possibly the hosts sending data are not using source port 1556?
Why don't you try
permit tcp any host 10.1.1.10 log
to see some hits?
HTH,
Milan
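The two points Milan makes in this thread (the `established` keyword is stateless and only tests the ACK/RST bits, and a more specific entry above it gets no hits unless the source port really is 1556) can be illustrated with a small first-match ACL model. This is an added example written for this page, not code from the thread or from Cisco IOS; it models the documented IOS behaviour (entries evaluated top-down, first match wins, implicit deny at the end, `established` meaning "ACK or RST set"). The addresses 10.1.1.10 and port 1556 come from the thread; the client address 10.2.2.20, the other ports and the sample segments are constructed.

```python
"""Model of Cisco-style extended ACL evaluation, to show why
'permit tcp any any established' takes hits while a more specific
source-port entry above it does not.

Assumptions (not from the thread): first-match, top-down evaluation,
implicit deny at the end, 'established' == ACK or RST bit set. The
model keeps no session table, which is the point: 'established' is
stateless and therefore has no timeout to configure."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int  # TCP flag bits


@dataclass
class Ace:
    """One access-control entry. None means 'any' for that field."""
    text: str
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    established: bool = False
    hits: int = 0

    def matches(self, seg: Segment) -> bool:
        if self.src is not None and seg.src != self.src:
            return False
        if self.sport is not None and seg.sport != self.sport:
            return False
        if self.dst is not None and seg.dst != self.dst:
            return False
        if self.dport is not None and seg.dport != self.dport:
            return False
        # 'established' looks only at header bits: no state, no timer.
        if self.established and not (seg.flags & (TCP_ACK | TCP_RST)):
            return False
        return True


def evaluate(acl: List[Ace], seg: Segment) -> str:
    """Return the text of the first matching entry, counting the hit."""
    for ace in acl:
        if ace.matches(seg):
            ace.hits += 1
            return ace.text
    return "implicit deny"


# Constructed reply traffic toward the server, as seen on the inbound side.
SAMPLE_SEGMENTS = [
    Segment("10.2.2.20", 1556, "10.1.1.10", 40000, TCP_ACK),  # really from port 1556
    Segment("10.2.2.20", 443, "10.1.1.10", 40001, TCP_ACK),   # ACK set, other port
    Segment("10.2.2.20", 443, "10.1.1.10", 40002, TCP_RST),   # RST set, other port
    Segment("10.2.2.20", 443, "10.1.1.10", 40003, TCP_SYN),   # bare SYN, no ACK/RST
]


def run_thread_acl() -> Tuple[List[str], Dict[str, int]]:
    """The ACL from the thread, with the corrected syntax above 'established'."""
    acl = [
        Ace("permit tcp any eq 1556 host 10.1.1.10", sport=1556, dst="10.1.1.10"),
        Ace("permit tcp any any established", established=True),
    ]
    results = [evaluate(acl, s) for s in SAMPLE_SEGMENTS]
    return results, {a.text: a.hits for a in acl}


def run_diagnostic_acl() -> Dict[str, int]:
    """Milan's diagnostic entry: match every TCP segment to the host so the
    counter (and 'log' on a real router) reveals which ports are in use."""
    acl = [Ace("permit tcp any host 10.1.1.10 log", dst="10.1.1.10")]
    for s in SAMPLE_SEGMENTS:
        evaluate(acl, s)
    return {a.text: a.hits for a in acl}


if __name__ == "__main__":
    results, hits = run_thread_acl()
    for seg, res in zip(SAMPLE_SEGMENTS, results):
        print(f"sport={seg.sport:<5} flags=0x{seg.flags:02x} -> {res}")
    print("hit counts:", hits)
    print("diagnostic:", run_diagnostic_acl())
```

Only the segment whose source port is actually 1556 hits the specific entry; the other ACK/RST segments fall through to `established`, and the bare SYN hits neither. If a real counter shows zero on the specific line but hits on `established`, the traffic is not using the port the entry expects, which is what the broad `log` entry is meant to reveal.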
