Hi all, by default is anything allowed out of my firewall? Does the permit ip any any allow everything out, i.e. all TCP ports? If I wanted to just allow web traffic out, would I delete the default allow-all rule and create one for TCP port 80 to anywhere?
It applies the ACL to the inside interface, which would be outbound.
If you wrote access-group inside out interface inside, then the ACL would be applied outbound from the inside interface, or inbound to your inside network.
Also, not to confuse you more: if you apply the ACL on the outside interface, it would be as you suggested. access-group inside out interface outside would be outgoing from the inside network; access-group inside in interface outside would be incoming traffic from the outside.
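As an added example (not from the original thread or the replier), here is an ASA configuration that does what the question asks: replace a blanket permit with rules that only let web traffic leave. It assumes the ACL is named inside, the inside network is 192.168.1.0/24, and the ACL is applied inbound on the inside interface, the usual placement for filtering traffic that hosts send toward the firewall; all three are assumptions for illustration.

```cisco
! Remove the blanket rule. permit ip any any matches every IP protocol
! (TCP, UDP, ICMP, ESP, ...), not just TCP, so it allows far more than
! "all TCP ports" out.
no access-list inside extended permit ip any any

! Allow web traffic from the assumed inside subnet to anywhere.
! Port 80 alone breaks most sites today, so 443 is included as well.
access-list inside extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside extended permit tcp 192.168.1.0 255.255.255.0 any eq https

! Clients cannot reach web sites by name without DNS, so permit it too;
! restrict it to the resolver you actually use, or omit it if the ASA
! or an internal server resolves names for the LAN.
access-list inside extended permit udp 192.168.1.0 255.255.255.0 any eq domain

! Everything else from the inside is dropped by the ACL's implicit deny.
! Logging a final explicit deny makes blocked traffic visible in syslog.
access-list inside extended deny ip any any log

! Apply the ACL inbound on the inside interface: "in" here means traffic
! entering the ASA on the inside interface, i.e. leaving the LAN.
access-group inside in interface inside
```

Two checks worth doing after applying this: `show access-list inside` shows per-ACE hit counts, so you can confirm the web entries are being matched and that the final deny is catching only what you expect; and `show running-config access-group` confirms which ACL is bound to which interface and in which direction, since binding the same ACL with `out` instead of `in` filters the opposite traffic, as the reply above explains. Note also that once any ACL is applied to an interface, the ASA's default behaviour of passing traffic from a higher-security interface to a lower-security one no longer applies on that interface; only what the ACL permits gets through.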