access to internet

carl_townshend
Spotlight

On my network, the internet goes via the PIX, basically allowing only port 80 outbound. Does the PIX automatically let these sessions back in? Would it make a difference if I allowed, say, port 80 inbound? Or would I only do this for a server?

1 Reply

mmorris11
Level 4

Carl,

The PIX uses something called the Adaptive Security Algorithm, which handles this. This is why you are able to designate one port (usually the "outside" interface) as having a "security level" of 0 and the inside a security level of 100. Other interfaces, like DMZs, will have a security level somewhere in between. You can think of these security levels like waterfalls into a river below. The high security level interfaces can send everything and anything out of a lower security level interface by default, but anything that is permitted to come through a lower level interface to a higher level interface must be permitted explicitly with an access list. So you are correct in that you would only write a list to allow port 80 inbound if you were hosting a web server. Responses to client requests belonging to an existing TCP connection which originated from the client (session state) are automatically allowed in on the outside interface.

HTH
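As an added illustration of the two rules described in the reply above (this fragment is not from the original thread or from Cisco documentation), here is a PIX 6.x-style configuration that restricts outbound traffic to HTTP, relies on the connection table for return traffic, and explicitly permits inbound HTTP only to a DMZ web server. The interface names, ACL names and the 203.0.113.0/24, 192.168.1.0/24 and 192.168.2.0/24 addresses are assumed placeholders.

```cisco
! Security levels: outside=0, DMZ=50, inside=100 (interface names assumed)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 192.168.2.1 255.255.255.0
!
! Outbound PAT for inside hosts: high-to-low traffic is allowed by default,
! but it still needs a translation to reach the outside.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Restrict outbound traffic from inside to HTTP only. Once an ACL is bound to
! the interface, its implicit deny replaces the "everything out" default, so
! anything else the clients need (DNS, for example) would need its own line.
access-list inside_out permit tcp any any eq www
access-group inside_out in interface inside
!
! Return packets for those client connections are matched against the
! connection table by the Adaptive Security Algorithm; no inbound ACL entry
! is needed for them.
!
! Low-to-high traffic (outside -> DMZ web server) must be permitted
! explicitly: a static translation plus an ACL on the outside interface.
! PIX 6.x ACLs reference the mapped (outside) address, 203.0.113.10 here.
static (dmz,outside) 203.0.113.10 192.168.2.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
```

Without the `static` and `outside_in` lines, any unsolicited packet arriving on the outside interface is dropped regardless of port, which is the behaviour the question describes.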
