Cisco Firewall Inside and Outside

Just a reminder to myself:

Example:

inside_access_in any ---> any ---> icmp
inside_access_out any ---> any ---> ip


access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside


inside_access_in is an 'Inbound' access-list, and inside_access_out is an 'Outbound' access-list. An inbound access-list is applied to traffic as it ENTERS that interface. Conversely, an outbound access-list is applied to traffic as it EXITS that interface.

This configuration prevents any non-ICMP traffic from entering the inside interface of the firewall. Because ONLY ICMP traffic from the inside network is allowed to enter the inside interface, you need to explicitly allow the other types of traffic you want.

outside_access_in (applied with `in interface outside`) won't allow any additional traffic in from the OUTSIDE. However, it will allow ALL traffic from your inside interface to get to the outside (ideal to some extent).

By default a Cisco ASA will allow all traffic from a higher-security interface (Inside) to a lower-security interface (Outside).
http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html
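As an added illustration (not part of the original note), a small Python model of which of the three access-lists above a new flow is checked against, using the note's own access-group bindings; the 100/0 security levels, the empty outside_access_in list and the sample addresses are assumptions for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the note's configuration (not a real ASA parser).
# Each ACE is (action, protocol, source, destination); "any" matches everything.
ACLS = {
    "inside_access_in": [("permit", "icmp", "any", "any")],
    "inside_access_out": [("permit", "ip", "any", "any")],
    "outside_access_in": [],  # assumed empty: only the implicit deny remains
}
# access-group <acl> <in|out> interface <ifname>, as on the page
ACCESS_GROUPS = [
    ("inside_access_in", "in", "inside"),
    ("inside_access_out", "out", "inside"),
    ("outside_access_in", "in", "outside"),
]
SECURITY = {"inside": 100, "outside": 0}  # assumed ASA default security levels

def ace_matches(ace, proto, src, dst):
    _, ace_proto, ace_src, ace_dst = ace
    if ace_proto not in ("ip", proto):
        return False
    for want, have in ((ace_src, src), (ace_dst, dst)):
        if want != "any" and ip_address(have) not in ip_network(want):
            return False
    return True

def acl_verdict(name, proto, src, dst):
    """First matching ACE wins; an ACL that matches nothing denies (implicit deny)."""
    for ace in ACLS[name]:
        if ace_matches(ace, proto, src, dst):
            return ace[0]
    return "deny"

def evaluate(proto, src, dst, ingress_if, egress_if):
    """Verdict for the first packet of a new flow, plus the ACLs consulted.
    'in' lists apply where the packet ENTERS, 'out' lists where it EXITS. With no
    inbound ACL bound, the security-level rule decides (higher -> lower permitted).
    Return traffic of established connections is stateful and not modelled."""
    consulted = []
    for want_dir, iface in (("in", ingress_if), ("out", egress_if)):  # inbound first
        for acl, direction, ifname in ACCESS_GROUPS:
            if direction == want_dir and ifname == iface:
                consulted.append(acl)
                if acl_verdict(acl, proto, src, dst) == "deny":
                    return "deny", consulted
    inbound_bound = any(d == "in" and i == ingress_if for _, d, i in ACCESS_GROUPS)
    if not inbound_bound and SECURITY[ingress_if] <= SECURITY[egress_if]:
        return "deny", consulted
    return "permit", consulted
```

Running `evaluate("tcp", "10.0.0.5", "8.8.8.8", "inside", "outside")` returns a deny from inside_access_in, which is exactly the non-ICMP case the note warns about.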
