
Cisco ASA 5500 NSEL Ingress and Egress ACL's

senthil085
Level 1

Traffic across firewalls passes through the access rules. In PIX devices, a single ACL is matched to traffic, whereas in the Cisco ASA 5500, traffic is matched to two ACLs (ingress and egress ACL). I came across this in the Cisco NSEL document below:

http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html#wp1028790

Why do we need this? Can anyone explain this to me or redirect me to some document that throws some light on this?

Thanks

Nathan


Jon Marshall
Hall of Fame

Nathan

Not strictly accurate. PIX v6.x and before did not support outbound ACLs on an interface. However, PIX v7.x and onwards does support outbound ACLs, so both the ASA and PIX (v7.x onwards) support both outbound and inbound ACLs.

When to use outbound ACLs really depends on your requirements. Most times you can use inbound ACLs, but outbound can be useful in certain situations.

Jon
