«

In article <. com>,
wrote:

> Firstly:-
>
> access-list 150 permit tcp host 10.10.59.59 host 192.168.25.14
> eq smtp
> access-list 150 permit tcp host 192.168.25.14 host 10.10.59.59
> established
>
> In a /normal/ access list that was filtering interface traffic
> the "established" keyword effectively stops TCP sessions
> from starting by blocking the initial SYN packet which does not
> have the ACK bit (or RST) bit set.

No it does't. The established keyword doesn't block anything, it just
permits the returning packets on a connection that was already allowed
to start by some other entry in the ACL.

--
Barry Margolin,
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***