Are there any security issues when you flip the inside and outside interfaces?
I mean, sometimes we need to turn the inside interface of the PIX firewall toward the remote site and turn the outside interface toward the inside of HO. If we are strictly aware of the traffic with ACLs, what else should we be concerned about, or is there any reason to prohibit turning around the PIX interfaces?
Re: Are there any security issue when you flip interface inside
If you have a good understanding about PIX and especially ASA's behaviour, then there is no security issue about flipping inside and outside interfaces. (imho, if you don't fully understand PIX there's always a security issue :-)))
Flipping interfaces can make some configurations extremely difficult to troubleshoot if you run into problems. Since bi-directional translation can be done from 6.2 and higher, I can hardly think of a reason to flip the inside and outside interfaces. But maybe someone can think of a case where inside and outside have to be flipped (I don't think such a case exists).