04-28-2010 05:52 PM - edited 03-11-2019 10:38 AM
If I have ACLs applied on the outside interface and also the IOS firewall feature turned on on a Cisco router, does this make sense? Will this be redundant? I guess the question is what takes priority when there is a request coming in the inbound direction (from the outside world) towards the outside interface of the router: the IOS firewall feature or the ACLs?
04-29-2010 02:38 AM
insccisco wrote:
If I have ACLs applied on the outside interface and also the IOS firewall feature turned on on a Cisco router, does this make sense? Will this be redundant? I guess the question is what takes priority when there is a request coming in the inbound direction (from the outside world) towards the outside interface of the router: the IOS firewall feature or the ACLs?
CBAC happens after the ACL checks in the outside-to-inside direction; see this link for the full order of operations on an IOS router:
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
Jon
04-29-2010 09:41 AM
I was under the impression that the router will first "inspect" the state table.
I will take a look at the link now.
04-29-2010 03:20 PM
Let's say the ACL is applied inbound on the outside and the inspection is applied outbound.
Then for outbound (initiated from inside) traffic the inspection is applied and pinholes are opened in the ACL for the return.
For traffic initiated from the outside, the ACL is checked.
I hope it helps.
PK
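The layout PK describes, written out as an added configuration example (it is not from the original thread or from Cisco's documentation; interface names, addresses and the inspection name are constructed for illustration):

```cisco
! CBAC inspection rule: track TCP, UDP and ICMP sessions that leave
! through the outside interface so their return traffic is allowed back.
ip inspect name FW_INSPECT tcp
ip inspect name FW_INSPECT udp
ip inspect name FW_INSPECT icmp

! Inbound ACL on the outside interface. Only what is listed here is
! permitted for connections initiated from the outside; everything else
! is dropped. Return traffic for inside-initiated sessions is NOT listed:
! CBAC opens temporary pinholes in this ACL for it.
ip access-list extended OUTSIDE_IN
 remark constructed example: 203.0.113.10 is a published mail server
 permit tcp any host 203.0.113.10 eq 25
 deny   ip any any log

interface GigabitEthernet0/0
 description Outside (constructed example addressing)
 ip address 203.0.113.1 255.255.255.0
 ! Outside-initiated traffic: evaluated against the ACL first.
 ip access-group OUTSIDE_IN in
 ! Inside-initiated traffic: inspected on the way out; the resulting
 ! session entries let the replies through the inbound ACL.
 ip inspect FW_INSPECT out

interface GigabitEthernet0/1
 description Inside (constructed example addressing)
 ip address 10.0.0.1 255.255.255.0
```

To confirm that inside-initiated sessions are being tracked, open a connection from the inside and check `show ip inspect sessions`; an inside host should never need an explicit `permit` in OUTSIDE_IN for its own return traffic.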