Well, there are a lot of differences, but the main difference here is:
- IOS ACL (without IOS FW aka ip inspect) is packet based, i.e. every packet entering/leaving the interface is matched against the inbound/outbound ACL.
- PIX/ASA is connection based, and only checks traffic transiting the firewall. Traffic that is part of connections originating from the ASA (e.g. Radius) is always permitted.
Connections destined to the firewall (e.g. ping, SSH to the ASA) are controlled by other means (e.g. the icmp and ssh commands).
So for the Radius example: as soon as the ASA sends an Access-Request, it will create a conn(ection) in its internal conn table and set a timer. When the radius reply comes back from ACS (before the timer expires), it accepts it because it is part of the conn.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...