From: Privat\ ("Erling)
Date: Mon Oct 14 2002 - 06:47:40 GMT-3
Hi,
The keyword established indicates that the IOS is looking at the TCP-header and allows packets with the ACK- or RST-bit activated. I.e. if only the SYN-bit is activated then the packet is dropped. This is normally used to protect a server in your net. Packet flow to this server is only allowed if the server itself has initiated the session.
E.g. permit tcp any host x.x.x.x established
In your case traffic from host 192.168.0.190 to any with port 23 and the ACK- or RST-bit activated is allowed.
Hope this helps and I hope it is correct ;-)
Regards
Erling Bjontegard
----- Original Message -----
From: "James" <kang_z@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Monday, October 14, 2002 2:20 AM
Subject: keyword "established" in access-list
> Hi all,
> A simple question, but it has confused me for a long time.
> The topology is like:
>
> R2(s1)---------------------(s1)R1(e0)-------------(e)R4
> 172.16.21.0 192.168.1.0/24
> I applied an access-list on R1's s1, as follows:
> interface Serial1
> ip address 172.16.21.1 255.255.255.0
> ip access-group allow_telnet in
>
> ip access-list extended allow_telnet
> permit ospf any any
> permit icmp any any echo
> permit icmp any any echo-reply
> permit tcp host 192.168.0.190 any eq telnet established log
> I cannot telnet between R2 and R4 in either direction. So how do I use
> established to control the session?
> Thanks in advance
> james
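Added example, not part of the original thread: a small Python model of how the posted `allow_telnet` list evaluates packets arriving inbound on R1's Serial1, first match wins with the implicit deny at the end. The addresses for R2 (172.16.21.2) and R4 (192.168.1.4), the port numbers and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # bit positions in the TCP flags byte

@dataclass
class Packet:
    proto: str            # "tcp", "icmp" or "ospf"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: int = 0        # TCP flags byte
    icmp_type: str = ""   # "echo" or "echo-reply"

def established(flags: int) -> bool:
    """The 'established' keyword matches when ACK or RST is set."""
    return bool(flags & (ACK | RST))

def allow_telnet(p: Packet) -> str:
    """Return the entry of the posted ACL that matches, top-down."""
    if p.proto == "ospf":
        return "permit ospf any any"
    if p.proto == "icmp" and p.icmp_type in ("echo", "echo-reply"):
        return f"permit icmp any any {p.icmp_type}"
    if (p.proto == "tcp" and p.src == "192.168.0.190"
            and p.dport == 23 and established(p.flags)):
        return "permit tcp host 192.168.0.190 any eq telnet established"
    return "implicit deny"  # every ACL ends with an unwritten deny

# Constructed packets as seen inbound on Serial1 (addresses are assumptions).
R2, R4 = "172.16.21.2", "192.168.1.4"
SAMPLES = {
    "R2 opens telnet to R4 (SYN)":
        Packet("tcp", R2, R4, 11000, 23, SYN),
    "R2 answers R4's telnet (SYN+ACK)":
        Packet("tcp", R2, R4, 23, 11001, SYN | ACK),
    "192.168.0.190 to port 23, ACK set":
        Packet("tcp", "192.168.0.190", R4, 11002, 23, ACK),
    "192.168.0.190 to port 23, SYN only":
        Packet("tcp", "192.168.0.190", R4, 11002, 23, SYN),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:36} -> {allow_telnet(pkt)}")
```

In this model both telnet directions between R2 and R4 fall through to the implicit deny: the opening SYN from R2 has neither ACK nor RST, and R2's reply to a session opened by R4 has source port 23 and a source address other than 192.168.0.190.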