ACL or IOS firewall?

insccisco
Level 1

If I have ACLs applied on the outside interface and also the IOS firewall feature turned on on a Cisco router, does this make sense? Will this be redundant? I guess the question will be what takes priority when there is a request coming in the inbound direction (from the outside world) towards the Outside interface of the router? The IOS firewall feature or the ACLs?

3 Replies

Jon Marshall
Hall of Fame

insccisco wrote:

If I have ACLs applied on the outside interface and also the IOS firewall feature turned on on a Cisco router, does this make sense? Will this be redundant? I guess the question will be what takes priority when there is a request coming in the inbound direction (from the outside world) towards the Outside interface of the router? The IOS firewall feature or the ACLs?

CBAC happens after ACL checks on the outside to interface direction. See this link for the full order of operations on an IOS router:

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Jon

I was under the impression that the router will first "inspect" the state table.

I will take a look at the link now.

Let's say the ACL is applied inbound on the outside and the inspection is applied outbound.

Then for outbound (initiated from inside) traffic the inspection is applied and pinholes are opened in the ACL for the return.

For traffic initiated from the outside, the ACL is checked.

I hope it helps.

PK
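
The arrangement PK describes (ACL inbound on the outside interface, inspection outbound on the same interface), written out as a classic CBAC configuration. This is an added example, not configuration posted in the thread; the interface name, the ACL and inspection rule names, and the 203.0.113.10 server address are assumptions.

```ios
! Constructed example: GigabitEthernet0/0, OUTSIDE-IN, FW-OUT and
! 203.0.113.10 are assumed names/values, not taken from the thread.
!
! Inspection rule: protocols whose inside-initiated sessions are tracked
ip inspect name FW-OUT tcp
ip inspect name FW-OUT udp
ip inspect name FW-OUT icmp
!
! Static inbound policy: only what the outside may initiate
ip access-list extended OUTSIDE-IN
 remark outside-initiated HTTPS to a published server
 permit tcp any host 203.0.113.10 eq 443
 remark everything else initiated from outside is dropped and logged
 deny ip any any log
!
interface GigabitEthernet0/0
 description Outside
 ! ACL is checked for traffic arriving from the outside
 ip access-group OUTSIDE-IN in
 ! Inspection is applied to traffic leaving toward the outside
 ip inspect FW-OUT out
!
! Verification from exec mode:
!  show ip inspect sessions          (sessions currently tracked by inspection)
!  show ip access-lists OUTSIDE-IN   (static entries and their hit counts)
```

Return traffic for a session initiated from the inside is admitted because of the inspection state, even though OUTSIDE-IN has no permit entry for it. A new connection from the outside is matched against OUTSIDE-IN only, so the two features are complementary rather than redundant.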
