Justin,

This is typically used in an Internet/NAT situation where you are allowing something from the Internet to come back in, only if it's a reply to a request that originated from inside your network. For instance, with a router connected to the Internet, you typically want an access-list applied to your Internet-facing port that denies incoming traffic, as you don't want them trying to walk all over your router or network. However, this same access list will drop valid replies to requests from clients inside your network, i.e. http replies, etc.

With the 'established' option, you can tell the router with access lists "drop everything inbound from the Internet, except replies to requests made from inside my network". Typically, people do this because they don't want to pay for a firewall, but this isn't the best thing to do. If you need to set this up for someone for Internet access, you need to dig a little deeper into it because if my memory serves me right, this command may or may not work with UDP traffic and only TCP traffic. I'm not sure and might be totally wrong, so you need to check.

Hope this helps,
Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36127&t=36124
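
An added illustration, not part of the message above: a small Python model of how an inbound extended ACL using the `established` keyword treats different packets. The ACL number 101 and the sample packets are constructed; the model assumes the documented IOS behaviour that `established` matches only TCP segments with the ACK or RST bit set.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags set on the segment

# Constructed ACL for the Internet-facing interface, inbound direction:
#   access-list 101 permit tcp any any established
#   access-list 101 deny   ip  any any
# Each entry: (action, protocol, uses_established_keyword)
ACL_101 = [
    ("permit", "tcp", True),
    ("deny", "ip", False),
]

def entry_matches(entry, pkt):
    _action, proto, established = entry
    if proto != "ip" and proto != pkt.proto:
        return False
    if established:
        # 'established' is a TCP-only test on header bits (ACK or RST set).
        # It is stateless: the router does not track whether an inside
        # host actually opened the connection.
        return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})
    return True

def evaluate(acl, pkt):
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry[0]
    return "deny"  # implicit deny that ends every ACL

# Constructed sample packets arriving from the Internet side.
SAMPLES = {
    "SYN (new connection from outside)": Packet("tcp", frozenset({"SYN"})),
    "SYN+ACK (reply to inside client's SYN)": Packet("tcp", frozenset({"SYN", "ACK"})),
    "ACK+PSH (HTTP response data)": Packet("tcp", frozenset({"ACK", "PSH"})),
    "RST (remote side refused or reset)": Packet("tcp", frozenset({"RST"})),
    "UDP reply (e.g. a DNS answer)": Packet("udp"),
}

def results():
    return {name: evaluate(ACL_101, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in results().items():
        print(f"{verdict:6}  {name}")
```

Because the match looks only at header bits, UDP replies never match it and need their own handling, and the filter cannot confirm that a permitted segment belongs to a connection an inside host opened, which is what a stateful firewall adds.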