Cisco Support Community
New Member

ACL's on PIX ver 6.1

When I apply an ACL (inbound) to the outside interface that allows specific traffic to an inside host, and I have an ACL (inbound) on the inside interface, will that stop replies back to my originating host? In other words, do I need to allow for the replies back from the inside host on the inside ACL, or is it that once the connection is established the ACL on the inside is not referenced?

Cisco Employee

Re: ACL's on PIX ver 6.1

ACL on outside will prevent outside from coming in.

ACL on the inside will prevent inside from going out.

Please look at this link for explanation on how to allow traffic through the pix:


New Member

Re: ACL's on PIX ver 6.1

I've already read that doc, but what everyone seems to "not hit on the head" is the original question. Will an ACL applied to the inside STOP a reply back to a request that was made from the outside, or, since the request was accepted by the outside's ACL, it then becomes a connection in the state table and therefore the inside ACL is not applied? Is this true?

Cisco Employee

Re: ACL's on PIX ver 6.1

No. The outside ACL is for outside. The inside ACL is for the inside.

The state table you are talking about works for high security to low security, not the reverse.

New Member

Re: ACL's on PIX ver 6.1

O.K. So the ACL's are ONLY applied to connection requests, not replies?
