Access Lists - keyword?
Daniel333
I am pretty frustrated at the moment; I've been at this for over 6 months and feel like I should have this stuff down by now (just got a 70% on the ICND test from Cisco.com). So anyway, here was one of the questions I ran into that really threw me for a loop.
60. What does the established keyword in an IP extended access list statement specify?
Answer: TCP traffic will match the statement if it is part of an already established connection (ack bit set)
Are they trying to say there needs to be a connection already in order to filter by TCP port?
Comments
floppydisk
My interpretation would be the definition of an extended ACL: since it uses source/destination IP addresses and TCP ports in the statement, when the TCP session negotiates they need to exchange these types of information. So when there's a match, the ACL kicks in.
Correct me if I'm wrong. Thanks.
redgoblin
Yes - this is useful in a corporate network that might have its own web servers in a DMZ. Basically the purpose of the 'established' keyword is to allow traffic back into a network that created the traffic. An example might make things clearer:
The corporate office has a main LAN of 10.10.10.10/24 which is connected to Router1. On the other side of Router1 is a DMZ that houses internal web servers for employees of the company and uses the subnet 10.1.1.0/24. Sometimes, in addition to accessing the company's web servers, the corporate LAN users might need to use the internet to grab files, etc.
So, we can restrict the corporate LAN users to only internal web server resources and external internet file transfers by using an ACL. The key thing here is that we will deny ALL traffic coming into the corporate LAN except for the web services and the file transfers. Since the corporate LAN users will create or 'establish' those TCP connections, it makes sense to let only traffic that originates from the corporate network back into the network, and to deny everything else.
Example: access-list 176 permit tcp any any established
The above ACL will only let traffic originating on the corporate LAN return to it (i.e. web server traffic and FTP traffic).
In some ways you can think of these types of ACLs as being a hotel security guard. If a person that originates from outside the hotel (a stranger!) tries to come inside, the security guard will deny him access. However, if a guest of the hotel goes outside and comes back in, the security guard will allow him through since he originated from within the hotel.
HTH
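To make the behaviour of the `established` keyword concrete for both the original question and redgoblin's example, here is an added Python model (not code from the thread and not Cisco's implementation) of how an IOS extended ACL evaluates it: an entry carrying `established` matches a TCP segment only when its ACK or RST flag is set, and the implicit `deny ip any any` catches everything that no entry matched. The `Packet`, `Entry`, `parse_entry` and `evaluate` names, the ACL-syntax subset the parser accepts, and the host addresses in the sample packets are all assumptions constructed for the example; the ACL line itself is the one from redgoblin's post.

```python
from dataclasses import dataclass
from typing import List, Optional

# TCP flag bits as they sit in the TCP header.
SYN, RST, ACK = 0x02, 0x04, 0x10


@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: int = 0        # TCP flags; ignored for other protocols


@dataclass
class Entry:
    action: str           # "permit" or "deny"
    proto: str            # "ip", "tcp", "udp", ...
    src: str              # "any" or a single host address
    dst: str
    dport: Optional[int] = None
    established: bool = False


def _take_addr(tokens: List[str]):
    """Consume 'any' or 'host A.B.C.D'; wildcard masks are not modelled here."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    raise ValueError(f"unsupported address form: {' '.join(tokens)}")


def parse_entry(line: str) -> Entry:
    """Parse the subset: access-list N permit|deny PROTO SRC DST [eq PORT] [established]."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL syntax: {line}")
    action, proto = tok[2], tok[3]
    src, rest = _take_addr(tok[4:])
    dst, rest = _take_addr(rest)
    dport, established = None, False
    while rest:
        if rest[0] == "eq":
            dport, rest = int(rest[1]), rest[2:]
        elif rest[0] == "established":
            established, rest = True, rest[1:]
        else:
            raise ValueError(f"unsupported option: {rest[0]}")
    if established and proto != "tcp":
        raise ValueError("'established' is only valid on tcp entries")
    return Entry(action, proto, src, dst, dport, established)


def is_established(pkt: Packet) -> bool:
    """IOS semantics: a TCP segment matches 'established' when ACK or RST is set.
    This is a flag check only; no connection table is consulted."""
    return pkt.proto == "tcp" and bool(pkt.flags & (ACK | RST))


def entry_matches(entry: Entry, pkt: Packet) -> bool:
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if entry.src != "any" and entry.src != pkt.src:
        return False
    if entry.dst != "any" and entry.dst != pkt.dst:
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    if entry.established and not is_established(pkt):
        return False
    return True


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """First matching entry wins; the implicit 'deny ip any any' ends every ACL."""
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry.action
    return "deny"


# The thread's ACL, applied inbound toward the corporate LAN. Host addresses
# in the sample packets are constructed for this example.
ACL_176 = [parse_entry("access-list 176 permit tcp any any established")]

SAMPLE_PACKETS = {
    # DMZ web server answering a connection a LAN user opened: SYN/ACK.
    "dmz_web_reply": Packet("tcp", "10.1.1.5", "10.10.10.25", 80, 51000, SYN | ACK),
    # Outside host opening a brand-new connection toward the LAN: bare SYN.
    "outside_new_syn": Packet("tcp", "203.0.113.7", "10.10.10.25", 40000, 22, SYN),
    # UDP reply (e.g. DNS): no udp entry exists, so the implicit deny applies.
    "udp_reply": Packet("udp", "203.0.113.53", "10.10.10.25", 53, 33000),
    # Limitation: an ACK-flagged segment matches even though no connection
    # exists, because 'established' keeps no state.
    "outside_ack_only": Packet("tcp", "203.0.113.7", "10.10.10.25", 40000, 22, ACK),
}


def decisions():
    return {name: evaluate(ACL_176, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:18} -> {verdict}")
```

The last sample packet is the caveat worth remembering for the exam and for real designs: `established` is a stateless check on TCP flag bits, not connection tracking, so it cannot distinguish a genuine return segment from any other segment that happens to carry ACK or RST, and it says nothing about UDP or ICMP. Where the router must actually remember which sessions the inside hosts opened, IOS offers reflexive ACLs or a stateful firewall feature set (CBAC or zone-based policy firewall) instead.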