
Can the ACL for "DMZ access to inside" slow performance?

Guys,

If you see any problems with the ACL, I ask that you please let me know at once.

My users are reporting latency with the web server after I implemented this rule. Please advise. Thanks.

access-list 109 extended permit tcp host 172.16.8.22 host 192.168.54.235 eq 8009

access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.235 eq 8009

access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.198 eq domain

access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.196 eq domain

access-group 109 in interface DMZ

So, in what cases can ACLs cause slow access or performance?

1 REPLY

Re: Can the ACL for "DMZ access to inside" slow performance?

access-class is used to define, generally by source-address, which remote systems are allowed to connect via telnet or ssh to your device.

access-group instead specifies an ACL for packets allowed to traverse an interface, regardless of whether they are destined to the router or not.

An ACL applied outbound (with access-group out) will filter only traffic that goes through the router but will not filter traffic that originates on the router.
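
An added example, not part of the thread: a small Python model of how an interface ACL applied with access-group is evaluated, top-down with first match winning and an implicit deny at the end, run over ACL 109 as posted. The sample flows are constructed, the function names are hypothetical, and the parser handles only the `host A host B eq PORT` form used in the question; it models ACL matching only, not stateful inspection or NAT.

```python
import ipaddress

# ACL 109 exactly as posted in the question.
ACL_109 = """\
access-list 109 extended permit tcp host 172.16.8.22 host 192.168.54.235 eq 8009
access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.235 eq 8009
access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.198 eq domain
access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.196 eq domain
"""
NAMED_PORTS = {"domain": 53}  # the only port keyword the posted ACL uses

def parse_ace(line):
    """Parse one 'host A host B eq PORT' entry; other ACE forms are rejected."""
    t = line.split()
    if (len(t) != 11 or t[0] != "access-list" or t[2] != "extended"
            or t[5] != "host" or t[7] != "host" or t[9] != "eq"):
        raise ValueError(f"unsupported ACE form: {line!r}")
    port = NAMED_PORTS[t[10]] if t[10] in NAMED_PORTS else int(t[10])
    return {"action": t[3], "proto": t[4],
            "src": ipaddress.ip_address(t[6]),
            "dst": ipaddress.ip_address(t[8]), "port": port}

def parse_acl(text):
    return [parse_ace(l) for l in text.splitlines() if l.strip()]

def evaluate(aces, proto, src, dst, dport):
    """Return (action, entry_number); entry_number is None for the implicit deny."""
    key = (proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)
    for n, ace in enumerate(aces, start=1):
        if (ace["proto"], ace["src"], ace["dst"], ace["port"]) == key:
            return ace["action"], n
    return "deny", None  # nothing matched: implicit deny at the end of the list

# Constructed sample flows entering the DMZ interface: (proto, src, dst, dport).
SAMPLE_FLOWS = [
    ("tcp", "172.16.8.22", "192.168.54.235", 8009),
    ("udp", "172.16.8.22", "192.168.54.198", 53),
    ("tcp", "172.16.8.22", "192.168.54.198", 53),   # DNS over TCP
    ("tcp", "172.16.8.22", "192.168.54.235", 80),
    ("udp", "172.16.8.23", "192.168.54.196", 53),   # a different DMZ host
]

def audit(acl_text=ACL_109, flows=SAMPLE_FLOWS):
    aces = parse_acl(acl_text)
    return [(f, evaluate(aces, *f)) for f in flows]

if __name__ == "__main__":
    for flow, (action, n) in audit():
        print(flow, "->", action, f"(entry {n})" if n else "(implicit deny)")
```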
