
ACLs on PIX ver 6.1

mark.theisen
Level 1

When I apply an ACL (inbound) to the outside interface that allows specific traffic to an inside host, and I have an ACL (inbound) on the inside interface, will that stop replies back to my originating host? In other words, do I need to allow for the replies back from the inside host on the inside ACL, or is it that once the connection is established the ACL on the inside is not referenced?

4 Replies

edadios
Cisco Employee

ACL on outside will prevent outside from coming in.

ACL on the inside will prevent inside from going out.

Please look at this link for explanation on how to allow traffic through the pix:

http://www.cisco.com/warp/customer/707/28.html

Regards,

I've already read that doc, but what everyone seems to "not hit on the head" is the original question. Will an ACL applied to the inside STOP a reply back to a request that was made from the outside, or, since the request was accepted by the outside's ACL, it then becomes a connection in the state table and therefore the inside ACL is not applied? Is this true?

No. The outside ACL is for the outside. The inside ACL is for the inside.

The state table you are talking about works for high security to low security, not the reverse.

O.K. So the ACLs are ONLY applied to connection requests, not replies?
