Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose
two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16
network over TCP, using server port 2001. The inside client negotiates a client port in the
UDP port range 5000 to 5500. The outside server can then start sending UDP data to
the inside client on the negotiated port within that UDP port range.
A.
access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
access-group INSIDE in interface inside
B.
access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established
access-group INSIDE in interface inside
C.
access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500
access-group OUTSIDE in interface outside
D.
access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established
access-group OUTSIDE in interface outside
E.
established tcp 2001 permit udp 5000-5500
F.
established tcp 2001 permit from udp 5000-5500
G.
established tcp 2001 permit to udp 5000-5500
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/ef_72.html#wp1764664
Established command—This command allows return connections from a lower security host to a
higher security host if there is already an established connection from the higher level host to the
lower level host.
For same security interfaces, you can configure established commands for both directions.