
access to internet

On my network, the internet goes via the PIX, basically allowing only port 80 outbound. Does the PIX automatically let these sessions back in? Would it make a difference if I allowed, say, port 80 inbound? Or would I only do this for a server?


Re: access to internet


The PIX uses something called the Adaptive Security Algorithm, which handles this. This is why you are able to designate one port (usually the "outside" interface) as having a "security level" of 0 and the inside a security level of 100. Other interfaces like DMZs will have a security level somewhere in between. You can think of these security levels like waterfalls into a river below. The high security level interfaces can send everything and anything out of a lower security level interface by default, but anything that is permitted to come through a lower level interface to a higher level interface must be permitted explicitly with an access list. So you are correct in that you would only write a list to allow port 80 inbound if you were hosting a web server. Responses to client requests belonging to an existing TCP connection which originated from the client (session state) are automatically allowed in the outside interface.
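
The behaviour described in the reply above, as an added example that is not part of the original thread and is not Cisco's implementation: a simplified Python model of a stateful filter with security levels 0 (outside) and 100 (inside). The class and field names, the addresses and the port-only outbound policy are assumptions for illustration; NAT, TCP flags and timeouts are left out.

```python
from dataclasses import dataclass, field

# Security levels as given in the reply: outside = 0, inside = 100.
LEVELS = {"outside": 0, "inside": 100}

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrives on
    out_if: str  # interface it would leave through
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    outbound_ports: set                            # allowed high -> low destination ports
    inbound_acl: set = field(default_factory=set)  # (dst, dport) allowed low -> high
    conns: set = field(default_factory=set)        # state table of tracked connections

    def check(self, p: Packet) -> str:
        key = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        # Packets of a tracked connection pass in either direction,
        # which is why replies need no inbound access list entry.
        if key in self.conns or rev in self.conns:
            return "permit (existing connection)"
        if LEVELS[p.in_if] > LEVELS[p.out_if]:
            # New connection from the higher to the lower security level.
            if p.dport in self.outbound_ports:
                self.conns.add(key)
                return "permit (outbound policy)"
            return "deny (outbound policy)"
        # New connection from lower to higher level: explicit entry required.
        if (p.dst, p.dport) in self.inbound_acl:
            self.conns.add(key)
            return "permit (inbound access list)"
        return "deny (no inbound access list entry)"

def demo():
    """Constructed traffic: inside client 10.0.0.5, outside web server 198.51.100.7."""
    fw = StatefulFilter(outbound_ports={80})
    client, web = "10.0.0.5", "198.51.100.7"
    return [
        fw.check(Packet("inside", "outside", client, 40000, web, 80)),  # new outbound
        fw.check(Packet("outside", "inside", web, 80, client, 40000)),  # its reply
        fw.check(Packet("outside", "inside", web, 80, client, 40001)),  # unsolicited
        fw.check(Packet("inside", "outside", client, 40002, web, 22)),  # not port 80
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

Only the second packet is admitted through the outside interface, and it is admitted by the state table rather than by any inbound rule; an `inbound_acl` entry is needed only when a host on the inside is the server.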

