Quick question re Access-lists Outside & Inside

May 22nd, 2009

New to networking so just need someone to confirm this please regarding ASA firewall. If I have created an access-list on the outside interface which allows an outside device to create a connection to a specific IP address and port on the inside, do I also need to create an entry on the inside interface access-list to allow the return traffic?


Many Thanks

Darren

handsy Fri, 05/22/2009 - 02:19

Short answer: No, you don't.


Long answer: Cisco ASA firewalls are stateful, therefore when a connection is built in 1 direction, the other direction is automatically allowed. Also, a connection initiating from inside (high security interface) to outside (low security) is automatically allowed through so long as an accompanying NAT rule is in place.


Hope this helps :)


Please rate posts if they help you.
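
The stateful behaviour described in the answer above, as an added example that is not part of the original thread and is not ASA code: a simplified Python model in which interface ACLs are consulted only for new connections, while packets of an existing connection are matched against the state table. The class and function names are hypothetical, the addresses are constructed, and NAT and TCP flag tracking are left out.

```python
from dataclasses import dataclass, field

LEVELS = {"inside": 100, "outside": 0}  # default ASA security levels

@dataclass(frozen=True)
class Packet:
    ingress: str  # interface the packet arrives on
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Firewall:
    acls: dict = field(default_factory=dict)  # interface -> [(action, dst, dport)]
    conns: set = field(default_factory=set)   # state table of permitted flows

    def _new_flow_allowed(self, pkt):
        rules = self.acls.get(pkt.ingress)
        if rules is None:
            # No ACL on this interface: only higher -> lower security level passes.
            egress = "outside" if pkt.ingress == "inside" else "inside"
            return LEVELS[pkt.ingress] > LEVELS[egress]
        for action, dst, dport in rules:  # first match wins
            if dst in (pkt.dst, "any") and dport in (pkt.dport, "any"):
                return action == "permit"
        return False  # implicit deny at the end of every ACL

    def handle(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets of a known connection skip the ACL in both directions.
        if flow in self.conns or reverse in self.conns:
            return "permit (existing connection)"
        if self._new_flow_allowed(pkt):
            self.conns.add(flow)
            return "permit (new connection)"
        return "deny"

def demo():
    # Constructed addresses (RFC 5737 / RFC 1918); the inside ACL denies everything on purpose.
    fw = Firewall(acls={"outside": [("permit", "10.0.0.5", 443)],
                        "inside": [("deny", "any", "any")]})
    syn = Packet("outside", "198.51.100.10", 51000, "10.0.0.5", 443)
    reply = Packet("inside", "10.0.0.5", 443, "198.51.100.10", 51000)
    unrelated = Packet("inside", "10.0.0.5", 40000, "198.51.100.10", 80)
    return [fw.handle(p) for p in (syn, reply, unrelated)]
```

In `demo()` the reply from the inside host is permitted even though the inside ACL denies everything, because it belongs to the connection the outside ACL already allowed; the unrelated inside-initiated flow is a new connection and is denied.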
