ワンストップのインテリジェント IT ソリューション

dw@donewin.com.hk |

IsthereaperformanceadvantagewhenusingthetheIPaccesslistkeywordestablishedonanextendedACL?Doesusing"established"maketheaccesslistmorevulnerable?Doyouhavespecificexamplesoftheusage?

Cisco ルーターに関するよくある質問よくある質問

Is there a performance advantage when using the the IP access list keyword established on an extended ACL? Does usingestablishedmake the access list more vulnerable? Do you have specific examples of the usage?

There is no real performance advantage. The keyword establishedsimply means that packets with the acknowledgment (ACK) or reset (RST) bits set are let through. To learn more about ACLs in general, refer to Configuring IP Access Lists.

The establishedkeyword allows the internal hosts to make external TCP connections and to receive the return control traffic. In most scenarios, this type of ACL would be essential on a firewall configuration. The same result can also be achieved either by using Reflexive ACLs or Context-Based Access Control. Refer to Configuring Commonly Used IP ACLsfor some sample configurations.

前へ:

次:

返信を残す

ライブチャット
伝言を残す

    24 − 16 =