Securing Inbound Traffic when PAT is configured

Unanswered Question
Feb 22nd, 2007


Cisco ASA 5520 is being used in our company network.we are distributing internet by using PAT against one global "public"ip address at outside interface of ASA.

Actually the ip address of our proxy server is PAT within ASA5520

Now we want to apply ACL to filter some ports.But ACL didn't work bec: i used the local ip address of proxy server as a source address in the ACL.

So what is the way to block some ports so that LAN clients can't use these port services.I mean what ip address should i put in the ACL's source address.

Kindly resolve my problem.I will be thankful to u.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
carenas123 Wed, 02/28/2007 - 08:53

A reflexive access list is triggered when a new IP upper-layer session (such as TCP or UDP) is initiated from inside your network, with a packet traveling to the external network. When triggered, the reflexive access list generates a new, temporary entry. This entry will permit traffic to enter your network if the traffic is part of the session, but will not permit traffic to enter your network if the traffic is not part of the session.

For example, if an outbound TCP packet is forwarded to outside of your network, and this packet is the first packet of a TCP session, then a new, temporary reflexive access list entry will be created. This entry is added to the reflexive access list, which applies to inbound traffic.


This Discussion