Command for one way traffic for access list

Hey guys,

Do you know the command if I wanted to have one way traffic for a host on the ASA 5520?


Jon Marshall
Hall of Fame

What exactly do you mean by one way traffic?

Jon

For instance, if a server was only able to send traffic out the firewall interface but not receive...

or for the server to receive traffic but not send... I know it sounds a little confusing, but it's how it has to be...

I know about duplex, but this is a different scenario.

Permit one way traffic from a host to a destination on a firewall...

The firewall is going to allow return traffic. If you want your server to accept traffic on port 80, then set your ACL up on the outside interface (assuming you want the public to get to it) and they'll be able to. You won't be able to do a "one-way" scenario though because of the way TCP works. It has to be able to answer the SYN packet that's sent, so if you open anything up it would need to be bidirectional.

If you want to allow only your server out to the web, but not allow anyone to it or allow the server anywhere else, put an ACL on the dmz or inside (wherever your server is) and only allow that one server through that one port. Everything else would be denied and no one would be able to get to it from the outside because you're not allowing sessions to be created from the outside.

If this doesn't answer your question, it'd be helpful if you told us your exact scenario.

HTH,

John

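The behaviour described in the reply above (an ACL on the server's interface, return traffic allowed by connection state, no sessions created from the outside), as an added example that is not part of the original thread and is not ASA code. It is a simplified Python model of a stateful firewall; the class, function names and documentation-range addresses are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample addresses (documentation ranges), not from the thread.
SERVER = ip_address("192.0.2.10")      # host on the dmz interface
WEB = ip_address("198.51.100.20")      # destination beyond the outside interface
STRANGER = ip_address("203.0.113.5")   # unrelated outside host

class StatefulFirewall:
    """Toy model: per-interface inbound ACLs plus a connection table."""

    def __init__(self, acls):
        self.acls = acls        # {interface: [(src or None, dst or None, dport)]}
        self.conns = set()      # (src, sport, dst, dport) of permitted flows

    def _acl_permits(self, iface, src, dst, dport):
        # No matching entry means the implicit deny at the end of the ACL applies.
        return any(
            (s is None or s == src) and (d is None or d == dst) and p == dport
            for s, d, p in self.acls.get(iface, [])
        )

    def handle(self, iface, src, sport, dst, dport, flags):
        """Return 'permit' or 'deny' for one TCP segment arriving on iface."""
        # Traffic belonging to a flow already in the table (either direction)
        # is allowed without consulting any ACL.
        if (dst, dport, src, sport) in self.conns or (src, sport, dst, dport) in self.conns:
            return "permit"
        # Only a bare SYN may open a new connection, and only if the ACL allows it.
        if flags == "S" and self._acl_permits(iface, src, dst, dport):
            self.conns.add((src, sport, dst, dport))
            return "permit"
        return "deny"

def demo():
    # ACL on the dmz interface: only SERVER, only to TCP/80. No permit on outside.
    fw = StatefulFirewall({"dmz": [(SERVER, None, 80)], "outside": []})
    return [
        fw.handle("dmz", SERVER, 40000, WEB, 80, "S"),          # server opens session
        fw.handle("outside", WEB, 80, SERVER, 40000, "SA"),     # reply to that session
        fw.handle("outside", STRANGER, 5555, SERVER, 80, "S"),  # new inbound session
        fw.handle("dmz", SERVER, 40001, WEB, 443, "S"),         # other port from server
        fw.handle("outside", WEB, 80, SERVER, 40001, "SA"),     # reply with no session
    ]

if __name__ == "__main__":
    print(demo())
```

Only the first two segments are permitted: the server's own outbound SYN and the reply that matches it in the connection table.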