Strange behavior with Communication between sub-interfaces

kbrinnehl
Level 1

I have a 5550 with 10 sub-interfaces (VLANs) configured on five physical interfaces. Each sub-interface has a different security level based on function. I've noticed that I only have to write an egress rule for traffic to pass from a lower security level interface to a higher security level interface. I would have thought I would need to write rules to allow the traffic in both the out and in directions. We are not using NAT, all public IP addresses. Any thoughts on this? Example: if I allow TCP port 3389 out of our production data VLAN to our admin VLAN, I only have to write an ACL that says allow tcp/3389 out of production data. I do not need to write an ACL that allows tcp/3389 into the admin VLAN. Is this normal behavior?

1 Reply

Collin Clark
VIP Alumni

Yes it's normal. It's what makes up the stateful firewall.

http://en.wikipedia.org/wiki/Stateful_firewall
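To show why the reverse ACL is not needed, here is an added, simplified model of the decision a stateful firewall like the ASA above makes for each packet: return traffic is matched against the connection table first, and only a new connection is checked against the ACL bound to its ingress interface (or, if none is bound, against the security levels). This is example code, not Cisco's or the poster's; the interface names, security levels, addresses and ports are constructed for illustration.

```python
from collections import namedtuple

# Constructed model; names, levels and addresses are illustrative only.
Packet = namedtuple("Packet", "src dst proto dport sport ingress egress")

class StatefulFirewall:
    def __init__(self, levels, acls):
        self.levels = levels  # nameif -> security-level
        self.acls = acls      # nameif -> permits bound inbound: (src, dst, proto, dport)
        self.conns = set()    # established connections as 5-tuples

    def _acl_permits(self, pkt):
        for src, dst, proto, dport in self.acls[pkt.ingress]:
            if (src in ("any", pkt.src) and dst in ("any", pkt.dst)
                    and proto == pkt.proto and dport == pkt.dport):
                return True
        return False  # implicit deny at the end of every ACL

    def forward(self, pkt):
        """Return True if the packet is forwarded, False if dropped."""
        # Return traffic matches the connection table, never an interface ACL.
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if flow in self.conns or (flow[2], flow[3], flow[0], flow[1], flow[4]) in self.conns:
            return True
        # New connection: a bound ingress ACL decides; with none bound, only
        # higher -> lower security level is allowed by default.
        if pkt.ingress in self.acls:
            allowed = self._acl_permits(pkt)
        else:
            allowed = self.levels[pkt.ingress] > self.levels[pkt.egress]
        if allowed:
            self.conns.add(flow)
        return allowed

def rdp_example():
    """tcp/3389 from the production vlan (level 40) to the admin vlan (level 80)."""
    fw = StatefulFirewall(levels={"production": 40, "admin": 80},
                          acls={"production": [("any", "192.0.2.10", "tcp", 3389)]})
    syn = Packet("198.51.100.5", "192.0.2.10", "tcp", 3389, 50001, "production", "admin")
    syn_ack = Packet("192.0.2.10", "198.51.100.5", "tcp", 50001, 3389, "admin", "production")
    ssh = Packet("198.51.100.5", "192.0.2.10", "tcp", 22, 50002, "production", "admin")
    admin_ssh = Packet("192.0.2.10", "198.51.100.6", "tcp", 22, 50003, "admin", "production")
    return {
        "rdp_syn": fw.forward(syn),            # permitted by the production ACL
        "rdp_syn_ack": fw.forward(syn_ack),    # permitted via the connection table; no admin ACL
        "ssh": fw.forward(ssh),                # dropped: not permitted by the production ACL
        "admin_to_prod": fw.forward(admin_ssh),  # permitted: 80 -> 40 with no ACL bound on admin
    }
```

Note that once an ACL is bound to an interface, its implicit deny replaces the security-level default for new connections from that interface, which is why the ssh case above is dropped even though it would otherwise be lower-to-higher traffic.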
