ASA access list for established TCP connections

matthew.norman
Level 1

Hello all,

I am trying to add an inbound firewall rule to allow tcp from any host if the connection was established from the inside.

I have tried this but don't get the option for the established keyword.

Can anyone advise if I am missing something?

access-list IN-BASIC-PERMIT extended permit tcp any any ***

ASA version is 8.4.

Thanks

Matt

1 Accepted Solution

Pawan Raut
Level 4

Cisco ASAs are stateful, so you don't need to add an additional rule for established like on a Cisco router.

Hi Pawan,

Thank you for the quick reply.

So if I understand correctly, anything that goes out of the firewall is allowed back in as it is automatically determined as established?

Regards

Matt

Yes, that's why we call it a stateful firewall. If forward traffic for any connection is allowed, then return traffic for that connection is permitted by default.

Regards,

Pawan (CCIE #52104)

Kindly rate for useful post
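
The difference the replies describe, as an added example that is not part of the original thread and not Cisco code: a simplified Python model contrasting the router-style `established` match (ACK or RST bit set) with a stateful connection table. The class and function names, the addresses, and the "inside-to-outside is permitted by default" policy are assumptions of the model; a real ASA also tracks TCP state and sequence numbers, not just the 5-tuple.

```python
# Added illustration: simplified model of the two behaviours, not vendor code.
from typing import NamedTuple

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    inbound: bool  # True = arriving on the outside interface

def router_established(pkt: Packet) -> bool:
    """Stateless router-style 'established' match: ACK or RST bit is set."""
    return bool(pkt.flags & (ACK | RST))

class StatefulFirewall:
    """Outbound flows create state; inbound passes only as the reverse of a flow."""
    def __init__(self, inbound_acl=None):
        self.conns = set()  # tracked flows: (src, sport, dst, dport)
        self.inbound_acl = inbound_acl or (lambda pkt: False)  # implicit deny

    def process(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            # Assumption of this model: inside -> outside is permitted.
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns:
            return True  # return traffic of a tracked connection, no ACL entry needed
        return self.inbound_acl(pkt)  # new inbound flows still need an explicit permit

def demo():
    fw = StatefulFirewall()
    # Constructed sample packets (documentation address ranges).
    syn = Packet("10.0.0.5", 40000, "198.51.100.7", 443, SYN, False)
    synack = Packet("198.51.100.7", 443, "10.0.0.5", 40000, SYN | ACK, True)
    stray = Packet("203.0.113.9", 443, "10.0.0.5", 40001, ACK, True)
    return {
        "out_syn": fw.process(syn),
        "reply_stateful": fw.process(synack),
        "stray_stateful": fw.process(stray),
        "reply_router": router_established(synack),
        "stray_router": router_established(stray),
    }

if __name__ == "__main__":
    print(demo())
```

The stateful model admits the reply without any inbound rule and drops the segment that matches no tracked flow, while the flag-only match accepts both.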