Cisco ASA 5500 NSEL Ingress and Egress ACLs

Nov 13th, 2009

Traffic across firewalls passes through the access rules. In PIX devices, a single ACL is matched to the traffic, whereas in the Cisco ASA 5500, traffic is matched to two ACLs (an ingress and an egress ACL). I have come across these in the below Cisco NSEL document.

Why do we need this? Can anyone explain this to me or direct me to a document that throws some light on these?



Jon Marshall Fri, 11/13/2009 - 03:50

Not strictly accurate. PIX v6.x and before did not support outbound ACLs on an interface. However, PIX v7.x and onwards does support outbound ACLs, so both the ASA and PIX (v7.x onwards) support both outbound and inbound ACLs.

When to use outbound ACLs really depends on your requirements. Most times you can use inbound ACLs, but outbound can be useful in certain situations.


