Cisco Support Community
Community Member

firewall behavior

Hi all, just a quick question about PIX/ASAs: if I want internet access outbound, do I just need to allow port 80 outbound, and will this automatically let the PC that made the request back in?


Re: firewall behavior

Hi Carl,

You don't need to open port 80 for accessing the internet from the inside LAN.

Since the PIX works on the Adaptive Security Algorithm, by default all traffic generated from the inside LAN to the outside will be allowed, and return traffic for the same request will be allowed by the PIX because it inspects each and every packet traversing its inside and outside traffic.

However, if a request is initiated from the outside towards the inside network, it will be blocked by the PIX unless you open a port on the PIX or apply conduits/access lists on the outside interface.

hope it helps ....
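
Added example, not part of the thread and not Cisco's code: a simplified Python model of the behaviour the reply above describes, where a new flow from the higher-security inside interface is allowed and recorded, its return traffic is matched against the connection table, and an unsolicited outside flow needs an explicit permit. The class names and addresses are constructed for illustration; NAT and TCP state/sequence checks are left out.

```python
from dataclasses import dataclass, field

# Default PIX/ASA security levels: inside is trusted (100), outside is not (0).
SECURITY_LEVEL = {"inside": 100, "outside": 0}

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrives on
    out_if: str  # interface it would leave through
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFirewall:
    # Permits for outside-initiated traffic: {(proto, dst, dport)}
    outside_acl: set = field(default_factory=set)
    # Connection table of flows the firewall has already allowed
    conns: set = field(default_factory=set)

    def process(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. Packet belongs to a tracked connection (either direction).
        if flow in self.conns or reply_of in self.conns:
            return "permit: existing connection"
        # 2. New flow from a higher to a lower security level: allowed by default.
        if SECURITY_LEVEL[p.in_if] > SECURITY_LEVEL[p.out_if]:
            self.conns.add(flow)
            return "permit: new outbound connection"
        # 3. New flow from lower to higher: needs an explicit permit.
        if (p.proto, p.dst, p.dport) in self.outside_acl:
            self.conns.add(flow)
            return "permit: outside ACL"
        return "deny: no connection, no ACL"

def demo():
    fw = StatefulFirewall()
    # Constructed sample packets (RFC 1918 / RFC 5737 documentation addresses).
    out = Packet("inside", "outside", "tcp", "192.168.1.10", 51000, "203.0.113.5", 80)
    reply = Packet("outside", "inside", "tcp", "203.0.113.5", 80, "192.168.1.10", 51000)
    unsolicited = Packet("outside", "inside", "tcp", "198.51.100.7", 40000, "192.168.1.10", 3389)
    return [fw.process(p) for p in (out, reply, unsolicited)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
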

Re: firewall behavior

Hi Carl,

I am not sure if I have understood your question properly. You just have to enable NAT on the outside interface and it will automatically allow your PC to go to the internet. You have to point a default route on your PIX to the next hop of the outside interface. You also have to use ACLs to allow the traffic in.

HTH, please rate if it does.

-amit singh

Community Member

Re: firewall behavior

What ACL would I need to allow back in? I thought the inspection would allow it back through, as it's an established connection.
