Cisco Support Community

access to internet

On my network, the internet goes via the PIX, basically allowing only port 80 outbound. Does the PIX automatically let these sessions back in? Would it make a difference if I allowed, say, port 80 inbound? Or would I only do this for a server?


Re: access to internet

Carl,

The PIX uses something called the Adaptive Security Algorithm, which handles this. This is why you are able to designate one port (usually the "outside" interface) as having a "security level" of 0 and the inside a security level of 100. Other interfaces like DMZs will have a security level somewhere in between. You can think of these security levels like waterfalls into a river below. The high security level interfaces can send everything and anything out of a lower security level interface by default, but anything that is permitted to come through a lower level interface to a higher level interface must be permitted explicitly with an access list. So you are correct in that you would only write a list to allow port 80 inbound if you were hosting a web server. Responses to client requests belonging to an existing TCP connection which originated from the client (session state) are automatically allowed in the outside interface.

HTH
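
The behaviour described in the reply, sketched as a small Python model (an added example, not part of the original thread and not Cisco's implementation). The `Firewall` class, the DMZ level of 50, and all addresses are assumptions made for illustration; NAT is left out.

```python
from dataclasses import dataclass, field

# Interface levels from the reply (outside 0, inside 100); dmz 50 is an assumed value.
LEVELS = {"outside": 0, "dmz": 50, "inside": 100}

@dataclass
class Firewall:  # hypothetical model, not a Cisco API
    # Explicit permits for low-to-high traffic: (in_iface, dst_ip, dst_port)
    inbound_acl: set = field(default_factory=set)
    # Per-interface outbound restriction: allowed dst ports (absent = allow all)
    outbound_ports: dict = field(default_factory=dict)
    # State table: (src_ip, src_port, dst_ip, dst_port) of permitted connections
    conns: set = field(default_factory=set)

    def handle(self, in_if, out_if, src, sport, dst, dport, syn=False):
        """Return (verdict, reason) for one TCP segment."""
        # 1. Segment belongs to a tracked connection, in either direction.
        if (src, sport, dst, dport) in self.conns or (dst, dport, src, sport) in self.conns:
            return "permit", "existing connection"
        # 2. No state and not a SYN: there is no session to attach it to.
        if not syn:
            return "deny", "no matching connection"
        # 3. New connection: the direction decides the default.
        if LEVELS[in_if] > LEVELS[out_if]:
            allowed = self.outbound_ports.get(in_if)
            if allowed is not None and dport not in allowed:
                return "deny", "outbound port not allowed"
            reason = "high to low security level"
        else:
            if (in_if, dst, dport) not in self.inbound_acl:
                return "deny", "low to high needs explicit permit"
            reason = "explicit inbound permit"
        self.conns.add((src, sport, dst, dport))
        return "permit", reason

def demo():
    # Constructed scenario: inside clients may only go out on port 80.
    fw = Firewall(outbound_ports={"inside": {80}})
    client, web = "10.0.0.5", "198.51.100.7"  # constructed addresses
    return [
        fw.handle("inside", "outside", client, 40000, web, 80, syn=True),  # client request
        fw.handle("outside", "inside", web, 80, client, 40000),            # server reply
        fw.handle("outside", "inside", web, 80, client, 40001, syn=True),  # unsolicited inbound
        fw.handle("inside", "outside", client, 40002, web, 25, syn=True),  # non-80 outbound
    ]
```

The server reply is permitted from the state table with no inbound rule at all; an entry in `inbound_acl` is only needed when an outside host opens the connection, as with a hosted web server.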
