Cisco Support Community
Community Member

ACL or IOS firewall?

If I have ACLs applied on the outside interface and also the IOS firewall feature turned on on a Cisco router, does this make sense? Will this be redundant? I guess the question will be what takes priority when there is a request coming in the inbound direction (from the outside world) towards the Outside interface of the router? The IOS firewall feature or the ACLs?

3 REPLIES
Hall of Fame Super Blue

Re: ACL or IOS firewall?

insccisco wrote:

If I have ACLs applied on the outside interface and also the IOS firewall feature turned on on a Cisco router, does this make sense? Will this be redundant? I guess the question will be what takes priority when there is a request coming in the inbound direction (from the outside world) towards the Outside interface of the router? The IOS firewall feature or the ACLs?

CBAC happens after ACL checks on the outside to interface direction. See this link for the full order of operations on an IOS router:

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Jon

Community Member

Re: ACL or IOS firewall?

I was under the impression that the router will first "inspect" the state table.

I will take a look at the link now.

Cisco Employee

Re: ACL or IOS firewall?

Let's say the ACL is applied inbound on the outside and the inspection is applied outbound.

Then for outbound (initiated from inside) traffic the inspection is applied and pinholes are opened in the ACL for the return.

For traffic initiated from the outside, the ACL is checked.

I hope it helps.

PK
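
The arrangement described in the last reply (ACL inbound on the outside interface, inspection outbound on the same interface), as an added configuration example that is not part of the original thread. The interface names, the ACL name `OUTSIDE-IN`, the inspection rule name `FW-OUT` and all addresses (documentation ranges) are assumptions made for illustration.

```cisco
! Constructed example: names and addresses are assumptions, not from the thread.
!
! CBAC inspection rule: sessions for these protocols are tracked when they
! leave through the interface the rule is applied to.
ip inspect name FW-OUT tcp
ip inspect name FW-OUT udp
ip inspect name FW-OUT icmp
!
! Inbound ACL on the outside interface. Traffic initiated from the outside
! is matched against these entries.
ip access-list extended OUTSIDE-IN
 remark Only inbound service offered: HTTPS to the published server
 permit tcp any host 198.51.100.10 eq 443
 remark Everything else initiated from outside is dropped and logged
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Outside
 ip address 203.0.113.1 255.255.255.252
 ! ACL checked for packets arriving from the outside
 ip access-group OUTSIDE-IN in
 ! Inspection applied to sessions initiated from inside and leaving here;
 ! return packets for those sessions are allowed back through OUTSIDE-IN
 ip inspect FW-OUT out
!
interface GigabitEthernet0/1
 description Inside
 ip address 198.51.100.1 255.255.255.0
!
! Verification (exec mode):
!   show ip inspect sessions          - sessions currently tracked by CBAC
!   show ip access-lists OUTSIDE-IN   - hit counters for the static entries
```

With this layout the two features are complementary: the ACL defines what the outside may initiate, and inspection handles the return path for what the inside initiates.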
