Cisco Support Community

New Member

Cisco ASA 5500 NSEL Ingress and Egress ACL's

Traffic across firewalls passes through the access rules. In PIX devices, a single ACL is matched to the traffic, whereas in the Cisco ASA 5500, traffic is matched to two ACLs (ingress and egress ACL). I have come across these in the Cisco NSEL document below:

http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html#wp1028790

Why do we need this? Can anyone explain this to me or redirect me to some document that throws some light on it?

Thanks

Nathan

1 REPLY
Hall of Fame Super Blue

Re: Cisco ASA 5500 NSEL Ingress and Egress ACL's

Nathan

Not strictly accurate. PIX v6.x and before did not support outbound ACLs on an interface. However, PIX v7.x and onwards does support outbound ACLs, so both the ASA and PIX (v7.x onwards) support both outbound and inbound ACLs.

When to use outbound ACLs really depends on your requirements. Most times you can use inbound ACLs, but outbound can be useful in certain situations.

Jon
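
The two check points discussed in this thread, shown as an added configuration example that is not from either poster or from the Cisco document. The interface names, ACL names and addresses are constructed for illustration, using ASA 8.2-style syntax:

```cisco
! Constructed example; names and addresses are assumptions.
! Inbound (ingress) ACL: checked as traffic enters the inside interface.
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list INSIDE_IN extended deny ip any any
access-group INSIDE_IN in interface inside
!
! Outbound (egress) ACL: checked as traffic leaves through the dmz interface,
! whichever interface it entered on.
access-list DMZ_OUT extended permit tcp any host 192.0.2.10 eq www
access-list DMZ_OUT extended deny ip any any
access-group DMZ_OUT out interface dmz
```

A connection from 10.1.1.5 to 192.0.2.10 on TCP port 80 has to be permitted by both INSIDE_IN and DMZ_OUT, so one flow can be matched to an ingress ACL and an egress ACL at the same time.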
