Access list


I have 2 cisco routers. A and B.

A must be able to initiate TCP connections to B and be able to receive packets in response to its own connections.  

But B can't initialize TCP connections to A.

How do I configure that in the access list?

Thank you.

AgeOfWarsAuthor Commented:

I meant I have 2 computers, A and B connected to one router.

PC A must be able to initiate TCP connections to B and be able to receive packets in response to its own connections.  

But PC B alone can't initialize TCP connections to A.

How do I configure the access list?

Thank you

Hi AgeOfWars,
Create an access list which only permits established connections back to computer A :-
access-list 101 permit tcp any any established
access-list 101 deny ip any any

Then apply this access-list in the outbound direction on the interface computer A connects to.
AgeOfWarsAuthor Commented:
Hi GrBlades,

I have 2 questions)

Can you briefly explain the use of TCP and IP in the sentence. I know what they mean but I don't really get it.

Say, PC A is connected to Router port 1 and B is connected to router port 2. When a packet travels from PC A to PC B, the access list will activate because it is applied to port 1. My question is when a packet travelling from PC B to PC A, it will go through port 2, route to port 1 and to PC A, will the access list applied on port 1 be activated?
if yes, which will be the outbound and inbound port?

Thank you.
1) The TCP keyword means the line only matches TCP type packets. This is required in order to use the 'established' keyword. This line therefore permits all TCP replies back to PC A but does not allow any new connections to it from other machines.
The IP keyword basically means any IP traffic. This line basically says to deny anything else.

2) The access-list is applied to the outbound direction so when traffic goes from PC A it goes into the port so does not go through the access-list. The reply from PC B does go out of that port so gets checked against the access-list.
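To make the answer above concrete, here is an added example (not from the original thread and not IOS code) that simulates how access-list 101 evaluates packets when applied outbound on port 1. On IOS the 'established' keyword matches any TCP segment whose ACK or RST bit is set, so a plain SYN from PC B is denied while SYN-ACK and data replies to PC A pass. The simulator also shows two points the thread does not spell out: packets PC A sends into port 1 are never checked by an outbound ACL, and the check is stateless, so a bare ACK with no real session behind it is still permitted and non-TCP replies (UDP, ICMP) to PC A are dropped by the deny line. Addresses, interface names and packets are constructed for the demo.

```python
# Added example: a small simulator of an IOS extended ACL using the
# "established" keyword, applied outbound on the interface facing PC A.
# Not real IOS code; addresses and packets below are constructed.

from dataclasses import dataclass, field

PC_A = "10.0.1.10"   # constructed address of PC A, behind "port 1"
PC_B = "10.0.2.10"   # constructed address of PC B, behind "port 2"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                                  # "tcp", "udp" or "icmp"
    flags: frozenset = field(default_factory=frozenset)  # TCP flags, e.g. {"SYN"}


@dataclass(frozen=True)
class AclEntry:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", or "ip" which matches any IP protocol
    established: bool = False

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.established:
            # IOS semantics: "established" matches only TCP segments
            # with the ACK or RST bit set (no session state is kept).
            return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})
        return True


# The two lines from the answer, expressed as data:
#   access-list 101 permit tcp any any established
#   access-list 101 deny ip any any
ACL_101 = [
    AclEntry("permit", "tcp", established=True),
    AclEntry("deny", "ip"),
]


def evaluate(acl, pkt: Packet) -> str:
    """First matching entry wins; IOS also has an implicit deny at the end."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


def port1_outbound(pkt: Packet) -> str:
    """ACL 101 applied outbound on port 1 (the interface toward PC A).

    Only packets the router forwards OUT of port 1, i.e. toward PC A, are
    checked. Packets PC A sends INTO port 1 bypass an outbound ACL entirely.
    """
    if pkt.dst != PC_A:
        return "not checked"
    return evaluate(ACL_101, pkt)


def demo() -> dict:
    """Evaluate a handful of constructed packets and return the verdicts."""
    tcp = lambda src, dst, *flags: Packet(src, dst, "tcp", frozenset(flags))
    return {
        "A->B SYN (A opens a connection)":   port1_outbound(tcp(PC_A, PC_B, "SYN")),
        "B->A SYN-ACK (reply to A)":         port1_outbound(tcp(PC_B, PC_A, "SYN", "ACK")),
        "B->A data segment (ACK set)":       port1_outbound(tcp(PC_B, PC_A, "ACK", "PSH")),
        "B->A RST (B refuses A)":            port1_outbound(tcp(PC_B, PC_A, "RST")),
        "B->A SYN (B opens a connection)":   port1_outbound(tcp(PC_B, PC_A, "SYN")),
        "B->A bare ACK, no real session":    port1_outbound(tcp(PC_B, PC_A, "ACK")),
        "B->A UDP reply":                    port1_outbound(Packet(PC_B, PC_A, "udp")),
        "B->A ICMP echo reply":              port1_outbound(Packet(PC_B, PC_A, "icmp")),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:38s} -> {verdict}")
```

The "bare ACK, no real session" row is the practical caveat of this design: because 'established' only looks at TCP flag bits, it does not verify that PC A actually initiated the session. Where that matters, a stateful feature (reflexive ACLs, CBAC, or the zone-based firewall, depending on the IOS release) gives the same "A out, replies back in" behaviour while tracking real sessions.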
