07-19-2012 01:36 PM - edited 03-11-2019 04:32 PM
I'm a newbie, so be easy on me...
I connected to an ASA 5510 at work.
I checked the GUI for creating access rules.
I see that by default all rules are created as incoming, and only by choosing "more options" can an outgoing rule be set.
Is there any reason for this? Why is this option "hidden"?
07-20-2012 01:00 AM
Incoming is the most used access-list, where it is incoming towards the interface. Outgoing is seldom used as it is outgoing off the interface.
Don't be confused by the terms incoming and outgoing, as they don't mean incoming and outgoing off the firewall, but incoming and outgoing off the ASA interfaces.
07-20-2012 02:06 AM
If, for example, I want to block 10 different user VLANs from accessing 1 server VLAN,
wouldn't I place a deny access rule outgoing on the server VLAN interface?
Or would I place it incoming on each user VLAN's interface?
07-20-2012 02:55 AM
You can configure 10 different ACLs incoming to each user VLAN interface, or you can create 1 ACL outgoing on the server VLAN.
Either way is fine; typically you would see which is the least number of lines of ACL and apply it accordingly.
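
Added example, not part of the original posts: the two placements discussed above written as ASA CLI configuration, shown for two of the ten user VLANs. The interface names (`users1`, `users2`, `servers`), ACL names and subnets are assumptions made for illustration.

```cisco
! Assumed nameif values: users1, users2 (user VLANs), servers (server VLAN)
! Assumed subnets: 10.10.1.0/24 and 10.10.2.0/24 (users), 10.20.0.0/24 (servers)

! ---- Option A: one inbound ACL on each user VLAN interface ----
! Traffic is dropped as it enters the ASA from the user side.
access-list USERS1_IN extended deny ip 10.10.1.0 255.255.255.0 10.20.0.0 255.255.255.0
! Every ACL ends with an implicit deny, so the traffic that must still pass
! has to be permitted explicitly. "permit ip any any" stands in for those
! rules here; it also permits traffic toward higher-security interfaces,
! so replace it with the specific permits the policy calls for.
access-list USERS1_IN extended permit ip any any
access-group USERS1_IN in interface users1

access-list USERS2_IN extended deny ip 10.10.2.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list USERS2_IN extended permit ip any any
access-group USERS2_IN in interface users2
! ...repeat for the remaining user VLAN interfaces

! ---- Option B: one outbound ACL on the server VLAN interface ----
! Traffic is dropped as it leaves the ASA toward the servers.
! This ACL is evaluated for traffic from every interface that exits
! through "servers", not only traffic from the user VLANs.
access-list SERVERS_OUT extended deny ip 10.10.1.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list SERVERS_OUT extended deny ip 10.10.2.0 255.255.255.0 10.20.0.0 255.255.255.0
! ...one deny line per remaining user subnet
access-list SERVERS_OUT extended permit ip any any
access-group SERVERS_OUT out interface servers
```

After applying either option, `show access-list` displays per-line hit counts, which confirms that the deny entries are matching the intended traffic.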