Cisco Support Community

New Member

Command for one way traffic for access list

Hey guys,

Do you know the command if I wanted to have one-way traffic for a host on the ASA 5520?

Hall of Fame Super Blue

Re: Command for one way traffic for access list

What exactly do you mean by one-way traffic?


New Member

Re: Command for one way traffic for access list

For instance, if a server was only able to send traffic out the firewall interface but not receive...

Or for the server to receive traffic but not send... I know it sounds a little confusing, but it's how it has to be...

I know about duplex, but this is a different scenario.

Permit one-way traffic from a host to a destination on a firewall...

Re: Command for one way traffic for access list

The firewall is going to allow return traffic. If you want your server to accept traffic on port 80, then set your ACL up on the outside interface (assuming you want the public to get to it) and they'll be able to. You won't be able to do a "one-way" scenario though because of the way TCP works. It has to be able to answer the SYN packet that's sent, so if you open anything up it would need to be bidirectional.

If you want to allow only your server out to the web, but not allow anyone to it or allow the server anywhere else, put an ACL on the DMZ or inside (wherever your server is) and only allow that one server through that one port. Everything else would be denied and no one would be able to get to it from the outside because you're not allowing sessions to be created from the outside.

If this doesn't answer your question, it'd be helpful if you told us your exact scenario.



HTH, John *** Please rate all useful posts ***
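As an added example (not from the thread or any poster), here is the "server out on one port only" ACL layout John describes, assuming interface names of inside (server side) and outside, and a constructed server address of 10.1.1.10:

```cisco
! Constructed example, not from the thread. Interface names "inside"/"outside"
! and the server address 10.1.1.10 are assumptions.
!
! Outbound policy on the inside interface: only this server, only TCP/80.
! Applying an ACL here replaces the default higher-to-lower security-level permit,
! so every other inside host and every other port hits the deny line.
access-list INSIDE_IN extended permit tcp host 10.1.1.10 any eq www
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! Inbound policy on the outside interface: no permit for the server at all, so no
! session can be opened to it from outside. Replies to the server's own HTTP
! sessions still pass because the stateful connection table, not this ACL,
! matches the return packets.
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Verification from exec mode: hit counts show which line each flow matched,
! and the log keyword on the deny lines records anything that was blocked.
show access-list INSIDE_IN
show access-list OUTSIDE_IN
```

If the server sits behind NAT, the address used in OUTSIDE_IN must match whatever form (real or mapped) your ASA software version expects in interface ACLs.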