Hi,
While implementing an IOS-based firewall, we normally apply a permit ACL to the inside interface of the router, followed by an ip inspect rule in the "in" direction. We then apply a deny-all ACL on the outside interface so that connections initiated from the internet are not allowed.
This will allow only return traffic that was originated from the inside region.

int fa0/1
 description "inside interface"
 ip add 10.1.1.1 255.255.255.0
 ip access-group test in
 ip inspect from_inside in
!
int fa0/0
 description "outside"
 ip access-group block_all in
 ip address 10.10.2.1 255.255.255.252

Now, can we apply the same inspection rule on the outside interface in the out direction to get the same results?
For example, for the above case:

int fa0/1
 description "interface"
 ip add 10.1.1.1 255.255.255.0
 ip access-group test in
 ! no inspection rule applied on fa0/1
!
int fa0/0
 description "outside"
 ip access-group block_all in
 ip address 10.10.2.1 255.255.255.252
 ip inspect from_inside out
 ! inspection rule applied on outside interface with out direction

Will this configuration have the same result as the original configuration?
Please share your experience.
Thanks in advance.
Subodh
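
The two placements from the post, written out as a complete configuration with verification commands. This is an added example, not part of the original post. The contents of the ACLs `test` and `block_all` and the protocols in the `from_inside` rule are assumptions, since the post references those names without showing their definitions.

```cisco
! Constructed definitions (assumed; not shown in the post)
ip inspect name from_inside tcp
ip inspect name from_inside udp
!
ip access-list extended test
 permit ip 10.1.1.0 0.0.0.255 any
!
ip access-list extended block_all
 deny ip any any
!
! Placement A (original): inspect traffic as it enters the inside interface
interface FastEthernet0/1
 ip access-group test in
 ip inspect from_inside in
!
interface FastEthernet0/0
 ip access-group block_all in
!
! Placement B (alternative): move the same rule to the outside interface, outbound
interface FastEthernet0/1
 no ip inspect from_inside in
!
interface FastEthernet0/0
 ip inspect from_inside out
!
! Verification from exec mode, after sending test traffic from 10.1.1.0/24:
!   show ip inspect interfaces       (which rule is bound where, and in which direction)
!   show ip inspect sessions         (sessions the inspection rule is tracking)
!   show ip access-lists block_all   (hit counters on the deny entry)
```

Run the show commands under each placement after the same test traffic and compare the session table and the `block_all` hit counters.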