Established qualifier

To the experts,

Assume the following:

    fastEthernet 0
     ip add 10.0.0.1/24
     ip access-group 110 in
     ip nat inside

    Serial 0
     ip add 192.168.0.1/24
     ip access-group 130 in
     ip nat outside

    access-list 110 ..........
    access-list 130 permit tcp any any established

Can anyone tell me specifically what the ESTABLISHED qualifier at the end of the access-list 130 does? I've looked at the command on Cisco's site however it seemed a bit convoluted. How can the tcp connection become established if there isn't a specific rule set up to allow the connection in the first place? It seems a little like the chicken and the egg debate but I know there is something I'm missing. Any help would be greatly appreciated.

Thanks in advance, Carl

Carl Lovejoy

The ACL containing the "established" clause is applied to the inbound side of your S0 interface. You also have NAT configured with S0 as "outside". This is similar to how you would configure a simple firewall application. Connections that originate on the inside (F0) can connect to outside hosts, and their return packets are allowed through. Connections from outside to inside will fail, because their initial SYN packet will be dropped by this ACL; they do not look like they are part of an already-established connection.

This simple configuration provides some basic protection, but is not as solid as an actual firewall. It relies on checking each packet "stand-alone" to determine if it is part of an established connection. A stateful firewall (firewall appliance or IOS router with FW feature set) will actually inspect all of the packets allowed through from the inside, and keep track of all the connections that they would create. Inbound packets are then matched to this list to decide if they should be dropped or not.

Mike Dorn
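To make Mike's distinction concrete, here is a small Python model added for this write-up (not code from the thread): the stand-alone "established" test that ACL 130 applies to each inbound segment, next to a toy stateful tracker that remembers connections opened from the inside. Addresses and ports are constructed, and NAT translation is left out so replies can be matched on the inside address.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flag names, e.g. frozenset({"SYN"})


def acl_established(pkt: Packet) -> bool:
    """Models 'access-list 130 permit tcp any any established' applied
    inbound on Serial0. IOS counts a segment as 'established' when its
    ACK or RST bit is set; the implicit deny drops everything else.
    The verdict depends on nothing but the packet in hand."""
    return bool(pkt.flags & {"ACK", "RST"})


class StatefulFilter:
    """Toy stateful inspection: remember sessions opened from the inside
    and admit only inbound segments that belong to one of them.
    Simplified: no NAT, no FIN/RST teardown, no idle timeouts."""

    def __init__(self) -> None:
        self.sessions: set = set()

    def outbound(self, pkt: Packet) -> None:
        # A bare SYN from an inside host opens a tracked session.
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt: Packet) -> bool:
        # A reply carries the 4-tuple with source and destination swapped.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions


def run_scenario() -> dict:
    """Constructed traffic: one legitimate web session opened from inside,
    then three inbound segments. Returns each filter's verdict per segment."""
    inside, web, stranger = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    stateful = StatefulFilter()
    stateful.outbound(Packet(inside, 40000, web, 80, frozenset({"SYN"})))
    inbound = {
        "reply_synack": Packet(web, 80, inside, 40000, frozenset({"SYN", "ACK"})),
        "unsolicited_syn": Packet(stranger, 5555, inside, 22, frozenset({"SYN"})),
        "unsolicited_ack": Packet(stranger, 5555, inside, 22, frozenset({"ACK"})),
    }
    return {name: {"acl_130": acl_established(p), "stateful": stateful.inbound(p)}
            for name, p in inbound.items()}


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:16} acl_130={verdict['acl_130']!s:5} stateful={verdict['stateful']}")
```

The third case is the gap the stateful filter closes: the ACL has no session table, so any inbound segment with the ACK bit set looks "established" to it, while the tracker admits only replies to a connection an inside host actually opened.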

Thank you for the information. That makes perfect sense. It seems this isn't a very secure way to proceed due to the fact that if a single "inside" host is infected with any type of malware, spyware, Trojan, etc., then that host would be able to send information out and wouldn't have to worry about the return connection due to the ACL. I am very eager to learn "improved" firewall strategies and the router I'm currently working on has a firewall IOS. I just needed to get some basics down first. Again, thanks.

Carl.

Carl Lovejoy

Established means that you initiated it... So, any traffic coming back would meet the requirement.

Jonathan
