IOS-firewall inspect rule direction

Hi,

While implementing an IOS-based firewall, we normally apply a permit ACL to the inside interface of the router, followed by an ip inspect rule in the "in" direction. Then we apply a deny-all ACL on the outside interface so that connections initiated from the internet are not allowed.

This will allow only return traffic for connections that originated from the inside region.

int fa0/1
 description "inside interface"
 ip add 10.1.1.1 255.255.255.0
 ip access-group test in
 ip inspect from_inside in

int fa0/0
 description "outside"
 ip access-group block_all in
 ip address 10.10.2.1 255.255.255.252

Now, can we apply the same inspection rule on the outside interface in the out direction to get the same result?

For example, for the above case:

int fa0/1
 description "interface"
 ip add 10.1.1.1 255.255.255.0
 ip access-group test in
 ! no inspection rule applied on fa0/1

int fa0/0
 description "outside"
 ip access-group block_all in
 ip address 10.10.2.1 255.255.255.252
 ip inspect from_inside out
 ! inspection rule applied on outside interface with out direction

Will this configuration have the same result as the original configuration?

Please share your experience.

Thanks in advance.

Subodh

1 REPLY

Re: IOS-firewall inspect rule direction

Yes it will. Be aware though that other interfaces will also use this inspection to the outside.

Hope that helps.
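The difference between the two placements, as an added example that is not part of the original thread: a simplified Python model of inspection with a deny-all inbound ACL on the outside interface. The second internal interface fa0/2, its subnet and all host addresses are assumptions made for illustration; real CBAC tracks far more state than this.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: fa0/1 and fa0/0 come from the post; fa0/2 (a second
# internal segment) and every host address are assumptions for illustration.
NETS = {"fa0/1": ip_network("10.1.1.0/24"), "fa0/2": ip_network("10.2.2.0/24")}
OUTSIDE = "fa0/0"  # anything not on an internal subnet is reached via outside

def iface_for(addr):
    """Return the interface behind which an address lives."""
    for name, net in NETS.items():
        if ip_address(addr) in net:
            return name
    return OUTSIDE

class Router:
    """Simplified model: deny-all inbound ACL on outside plus inspect rules."""
    def __init__(self, inspect):
        self.inspect = set(inspect)  # {(interface, direction)}
        self.sessions = set()        # flows recorded by inspection

    def forward(self, src, sport, dst, dport):
        ingress, egress = iface_for(src), iface_for(dst)
        if ingress == OUTSIDE:
            # block_all inbound: only return traffic of an inspected session passes
            return (dst, dport, src, sport) in self.sessions
        if (ingress, "in") in self.inspect or (egress, "out") in self.inspect:
            self.sessions.add((src, sport, dst, dport))
        return True

def return_allowed(inspect, client):
    """Client opens a connection to an outside server; is the reply let back in?"""
    r = Router(inspect)
    r.forward(client, 40000, "203.0.113.5", 443)
    return r.forward("203.0.113.5", 443, client, 40000)

def unsolicited_allowed(inspect, target):
    """Outside host connects to an internal host with no prior session."""
    return Router(inspect).forward("203.0.113.5", 50000, target, 22)

ORIGINAL = {("fa0/1", "in")}   # inspect inbound on the inside interface
PROPOSED = {("fa0/0", "out")}  # inspect outbound on the outside interface

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(label, "fa0/1 host reply:", return_allowed(rules, "10.1.1.10"),
              "| fa0/2 host reply:", return_allowed(rules, "10.2.2.10"))
```

For hosts behind fa0/1 the two placements behave the same; with the rule on the outside interface, sessions from any other internal interface also get return openings, which is the caveat in the reply.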
