On the PIX/ASA, I know that traffic that originates from a higher security interface is considered outbound, but what about the return traffic for that connection? Is the return traffic considered inbound or outbound? Do counters classify the traffic differently than ACLs from that perspective?
The traffic that is from a lower security level to a higher security level is inbound traffic, even if it is some kind of return traffic. Yes, the counters will be different than the ACL hits, because the ACL will be checked only once and the traffic will be allowed or denied based on the rule; however, the same will be applicable for the subsequent traffic, so there will be no ACL hit but the counter will be incremented.
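To make the distinction in the answer concrete, here is an added toy model (not Cisco code and not part of the original thread) of how a stateful firewall classifies packets by interface security level, looks up the ACL only for the first packet of a connection, and still increments a per-interface packet counter for every packet. The interface names, security levels, ACL contents, egress interfaces and sample packets are all constructed for the example; a real ASA derives the egress interface from its routing table and keeps far more connection state.

```python
"""Toy model: security-level direction, one ACL lookup per connection,
per-packet interface counters. Added illustration; all values constructed."""

from dataclasses import dataclass, field

# Constructed interface security levels (ASA convention: 0-100, higher = more trusted)
SECURITY_LEVEL = {"inside": 100, "dmz": 50, "outside": 0}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    ingress: str  # interface the packet arrived on


def direction(ingress: str, egress: str) -> str:
    """Outbound if leaving a higher security interface for a lower one, else inbound."""
    return "outbound" if SECURITY_LEVEL[ingress] > SECURITY_LEVEL[egress] else "inbound"


@dataclass
class StatefulFirewall:
    # Explicit ACL entries: (ingress_iface, proto, dst_port) -> True (permit) / False (deny).
    # Anything not listed falls back to the implicit rule: permit higher->lower, deny lower->higher.
    acl: dict
    conn_table: set = field(default_factory=set)
    acl_hits: dict = field(default_factory=dict)
    pkt_counters: dict = field(default_factory=dict)

    def _count(self, iface: str, d: str) -> None:
        key = (iface, d)
        self.pkt_counters[key] = self.pkt_counters.get(key, 0) + 1

    def process(self, pkt: Packet, egress: str) -> str:
        d = direction(pkt.ingress, egress)
        five_tuple = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        self._count(pkt.ingress, d)  # interface counter moves for every packet
        if five_tuple in self.conn_table or reverse in self.conn_table:
            # Established connection (including return traffic): no ACL lookup at all
            return "allowed (existing connection)"
        rule = (pkt.ingress, pkt.proto, pkt.dst_port)
        permitted = self.acl.get(rule, d == "outbound")
        self.acl_hits[rule] = self.acl_hits.get(rule, 0) + 1  # ACL hit only for new connections
        if not permitted:
            return "denied"
        self.conn_table.add(five_tuple)
        return "allowed (new connection)"


def simulate() -> dict:
    """Run a constructed exchange: an outbound HTTPS session with replies, then an
    unsolicited inbound SSH attempt, and return the resulting state for inspection."""
    fw = StatefulFirewall(acl={})
    out = Packet("10.0.0.5", 40000, "198.51.100.10", 443, "tcp", "inside")
    back = Packet("198.51.100.10", 443, "10.0.0.5", 40000, "tcp", "outside")
    unsolicited = Packet("203.0.113.7", 5555, "10.0.0.5", 22, "tcp", "outside")
    steps = [(out, "outside"), (back, "inside"), (out, "outside"), (back, "inside"),
             (unsolicited, "inside")]
    results = [fw.process(p, egress) for p, egress in steps]
    return {"results": results, "acl_hits": fw.acl_hits, "pkt_counters": fw.pkt_counters}


if __name__ == "__main__":
    for k, v in simulate().items():
        print(k, v)
```

Running it shows two ACL hits in total (one for the outbound session, one for the denied inbound attempt) while the outside interface's inbound counter reaches three: the return packets are counted as inbound but never touch the ACL.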