From: Scott Morris (swm@emanon.com)
Date: Wed Mar 02 2005 - 16:40:02 GMT-3
Established only covers TCP sessions with the 'ACK' bit.
Given the examples below, the reflexive ACL only works for TCP as well, so
there really is no difference. However, reflexive ACLs can work for UDP and
ICMP as well, so don't limit yourself!
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: Wednesday, March 02, 2005 2:29 PM
To: ccielab@groupstudy.com
Subject: 'established' vs. reflexive acl
I'm a bit confused about the difference between the following two ACLs.
int e0/0
 ip access-group 101 in
!
access-list 101 permit tcp any any eq telnet established
AND
int e0/0
 ip access-group inbound in
 ip access-group outbound out
!
ip access-list extended inbound
 permit tcp any any eq telnet
 evaluate myreflect
!
ip access-list extended outbound
 permit tcp any any reflect myreflect
Does the established keyword only allow a session that was initiated
outbound and then returns inbound?
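The two mechanisms asked about above, and the UDP/ICMP point from the reply, as an added worked model that is not part of either message and is not IOS code. It is a toy Python packet filter: the 'established' entry is modelled in its usual return-traffic form (matching the telnet server's source port 23, an assumption that differs from the posted line, which matches the destination port), and the reflexive list is modelled as a set of mirror-image entries created by outbound packets. Addresses, ports and the packets themselves are constructed for the demo.

```python
"""Toy model of the two ACL styles in the thread above: the stateless
'established' keyword versus a reflexive ACL with 'reflect'/'evaluate'.
Added illustration only; this is not IOS code and models only the matching
behaviour needed to show the difference."""
from dataclasses import dataclass

TELNET, DNS = 23, 53


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # 0 for icmp, which has no ports
    dport: int = 0
    ack: bool = False   # TCP ACK control bit
    rst: bool = False   # TCP RST control bit


def established_permits_in(pkt):
    """Models the inbound 'established' entry, written here in its usual
    return-traffic form 'permit tcp any eq telnet any established'
    (assumption: the telnet server's source port is 23).
    'established' keeps no state: it matches any TCP segment whose ACK or
    RST bit is set, whether or not this router ever saw an outbound SYN,
    and it can never match UDP or ICMP, which have no such bits."""
    return pkt.proto == "tcp" and pkt.sport == TELNET and (pkt.ack or pkt.rst)


class ReflexiveFilter:
    """Models 'permit <proto> any any reflect myreflect' on the outbound
    ACL together with 'evaluate myreflect' on the inbound ACL."""

    def __init__(self, reflect_protos=("tcp",)):
        self.reflect_protos = set(reflect_protos)
        self.entries = set()  # temporary mirror-image entries

    def outbound(self, pkt):
        # The 'reflect' keyword permits the packet and installs an entry
        # describing the expected reply: addresses and ports swapped.
        if pkt.proto not in self.reflect_protos:
            return False
        self.entries.add((pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport))
        return True

    def inbound(self, pkt):
        # 'evaluate myreflect': permit only packets that match an entry an
        # earlier outbound packet created; everything else falls through
        # to the implicit deny in this model.
        key = (pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport)
        if key not in self.entries:
            return False
        if pkt.proto == "tcp" and pkt.rst:   # session over: drop the entry
            self.entries.discard(key)
        return True


def demo():
    """Runs constructed sample traffic through both models and returns the
    verdicts; the addresses are documentation ranges chosen for the demo."""
    inside, server, attacker = "10.1.1.5", "192.0.2.10", "198.51.100.7"
    syn = Packet("tcp", inside, server, 40001, TELNET)                # client SYN out
    reply = Packet("tcp", server, inside, TELNET, 40001, ack=True)    # genuine reply
    forged = Packet("tcp", attacker, inside, TELNET, 40002, ack=True) # ACK-scan style probe
    dns_q = Packet("udp", inside, server, 50000, DNS)
    dns_r = Packet("udp", server, inside, DNS, 50000)
    ping = Packet("icmp", inside, server)
    pong = Packet("icmp", server, inside)

    tcp_only = ReflexiveFilter(("tcp",))
    before = tcp_only.inbound(reply)       # no outbound packet seen yet
    tcp_only.outbound(syn)
    results = {
        # 'established' cannot tell a real reply from a forged ACK ...
        "established_real_reply": established_permits_in(reply),
        "established_forged_ack": established_permits_in(forged),
        # ... and has nothing to match on for UDP or ICMP.
        "established_dns_reply": established_permits_in(dns_r),
        # The reflexive ACL permits only replies to traffic it saw leave.
        "reflexive_reply_before_syn": before,
        "reflexive_reply_after_syn": tcp_only.inbound(reply),
        "reflexive_forged_ack": tcp_only.inbound(forged),
    }
    # Reflecting UDP and ICMP as well lets their replies in, and only theirs.
    multi = ReflexiveFilter(("tcp", "udp", "icmp"))
    multi.outbound(dns_q)
    multi.outbound(ping)
    results["reflexive_dns_reply"] = multi.inbound(dns_r)
    results["reflexive_icmp_reply"] = multi.inbound(pong)
    results["reflexive_unsolicited_udp"] = multi.inbound(
        Packet("udp", attacker, inside, DNS, 50001))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:30} {'permit' if verdict else 'deny'}")
```

The model makes the practical difference visible: 'established' looks only at the control bits of the packet in hand, so a forged segment with ACK set passes it just as a real reply does, while the reflexive list admits only packets that mirror something the router already forwarded outbound, and it can do the same for protocols that have no ACK bit at all.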
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:39 GMT-3