IOS firewall inspect rule direction

bapatsubodh
Level 1

Hi,

While implementing an IOS-based firewall, we normally apply a permit ACL to the inside interface of the router, followed by an ip inspect rule in the "in" direction. Then we apply a deny-all ACL on the outside interface so that connections initiated from the Internet are not allowed.

This allows only return traffic for sessions that originated from the inside.

int fa0/1
 description "inside interface"
 ip add 10.1.1.1 255.255.255.0
 ip access-group test in
 ip inspect from_inside in

int fa0/0
 description "outside"
 ip address 10.10.2.1 255.255.255.252
 ip access-group block_all in
 ! "in" is required here: without a direction IOS applies the ACL outbound, which would not block Internet-initiated connections

Now, can we apply the same inspection rule on the outside interface in the "out" direction and get the same result?

For example, for the above case:

int fa0/1
 description "interface"
 ip add 10.1.1.1 255.255.255.0
 ip access-group test in

(no inspection rule applied on fa0/1)

int fa0/0
 description "outside"
 ip address 10.10.2.1 255.255.255.252
 ip access-group block_all in
 ! "in" is required here: without a direction IOS applies the ACL outbound, which would not block Internet-initiated connections
 ip inspect from_inside out

(inspection rule applied on the outside interface in the "out" direction)

Will this configuration have the same result as the original configuration?

Please share your experience.

Thanks in advance.

Subodh

1 Reply

Collin Clark
VIP Alumni

Yes, it will. Be aware, though, that other interfaces will also use this inspection to the outside.

Hope that helps.
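To make the two variants discussed in this thread concrete, here is a complete CBAC configuration as an added example; it is not taken from the original post or the reply. It fills in the pieces the question omits (the `ip inspect name` statements and the two ACL definitions), keeps the interface names and addresses from the question, and assumes the inside policy (web, DNS and ping outbound) and the DMZ interface fa0/2 used to illustrate the caveat in the reply. The first half is the "inspect inbound on the inside interface" layout; the trailing lines convert it to the "inspect outbound on the outside interface" layout.

```text
! Added example (not from the original post). Assumed inside policy: web, DNS, ping.
! CBAC inspection rule: track TCP, UDP and ICMP sessions and open the return path.
ip inspect name from_inside tcp
ip inspect name from_inside udp
ip inspect name from_inside icmp
!
! Sessions inside hosts may start. The final deny is what actually
! enforces the policy; "log" gives visibility into blocked attempts.
ip access-list extended test
 permit tcp 10.1.1.0 0.0.0.255 any eq 80
 permit tcp 10.1.1.0 0.0.0.255 any eq 443
 permit udp 10.1.1.0 0.0.0.255 any eq 53
 permit icmp 10.1.1.0 0.0.0.255 any echo
 deny   ip any any log
!
! Nothing may be initiated from the Internet. CBAC inserts temporary
! openings ahead of this ACL for the sessions it inspected, so return
! traffic still gets through.
ip access-list extended block_all
 deny   ip any any log
!
! Variant 1: inspection applied inbound on the inside interface.
interface FastEthernet0/1
 description inside
 ip address 10.1.1.1 255.255.255.0
 ip access-group test in
 ip inspect from_inside in
!
interface FastEthernet0/0
 description outside
 ip address 10.10.2.1 255.255.255.252
 ip access-group block_all in
!
! Assumed third interface (not in the question). With variant 1 its traffic
! is NOT inspected, so nothing from the DMZ gets a return opening through block_all.
interface FastEthernet0/2
 description dmz (assumed)
 ip address 10.1.2.1 255.255.255.0
!
! Variant 2: move the same inspection to the outside interface, outbound.
! Equivalent for fa0/1, but now every interface whose traffic exits fa0/0
! (including the DMZ on fa0/2) is inspected and gets return openings.
interface FastEthernet0/1
 no ip inspect from_inside in
interface FastEthernet0/0
 ip inspect from_inside out
```

To confirm which variant is in effect and what it is tracking, `show ip inspect interfaces` lists where the rule is bound and in which direction, and `show ip inspect sessions` shows the sessions that currently have return openings; with variant 2 you should see sessions sourced from fa0/2 addresses appear there as soon as a DMZ host connects outward.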
