This chapter showed you the basics of configuring RACLs to allow the flow of traffic back into your network. RACLs have advantages over the established keyword in an extended ACL because RACL entries are temporary and disappear after either their idle timer expires or, if the connection uses TCP, the connection aborts or is gracefully terminated. RACLs should be used when CBAC is not available.

Next up is Chapter 9, which shows you how to use the Cisco CBAC feature of the Cisco IOS Firewall feature set to configure a stateful firewall function on your router. As you will see in this chapter, CBAC has many more features and functions than reflexive ACLs.