On an ASA 5500 I have set up basic extended access-lists (e.g. access-list inside_access_out).
My connections work; however, I am seeing a lot of Denies such as:
Deny tcp src 192.168.1.1/80 to 192.168.2.1:65535 which is the reply to a connection started on the internal interface.
Even with the denies, the connections still work, but I don't know why I am seeing these. I have applied the access-lists to access-groups using the access-group "in" interface inside.
Can anyone also tell me how the ASA regards inbound/outbound to an interface? Is inbound describing a packet coming into an interface externally or through the firewall, say from the inside interface to the outside interface?
You are correct, inbound is for a packet entering into the interface and outbound is for a packet leaving the interface. So the rules of the inbound ACL are applied when a packet enters the interface and the rules of the outbound ACL are applied when a packet leaves the interface. The reason you are getting Deny messages could be because these reply messages do not meet the standard for the connection setup; one possible case could be that the other machine may be trying to open up a different connection to the machine which is starting the connection, and these packets are denied by the PIX/ASA. This is a typical behaviour of some applications.
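As an added illustration (not part of the original thread and not Cisco code), the Python sketch below is a simplified model of the direction rule in the answer, extended with a connection table so it also shows one way a reply packet can be denied after its connection has been torn down. The subnets, ACL entries and all class and function names are assumptions; security levels and NAT are not modelled.

```python
from ipaddress import ip_address, ip_network

class Interface:
    def __init__(self, name, subnet, acl_in=None, acl_out=None):
        self.name, self.subnet = name, ip_network(subnet)
        self.acl_in, self.acl_out = acl_in, acl_out  # None: no ACL bound in that direction

def acl_permits(acl, proto, src, dst, dport):
    """First matching entry wins; every ACL ends in an implicit deny."""
    for action, a_proto, a_src, a_dst, a_dport in acl:
        if (a_proto == proto and ip_address(src) in ip_network(a_src)
                and ip_address(dst) in ip_network(a_dst)
                and a_dport in (None, dport)):
            return action == "permit"
    return False

class Firewall:
    def __init__(self, interfaces):
        self.interfaces = interfaces   # most specific subnet first
        self.conns = set()             # (proto, src, sport, dst, dport) of permitted flows

    def _iface_for(self, ip):
        return next(i for i in self.interfaces if ip_address(ip) in i.subnet)

    def forward(self, proto, src, sport, dst, dport):
        # Packets of a tracked connection, in either direction, skip the ACLs.
        if {(proto, src, sport, dst, dport), (proto, dst, dport, src, sport)} & self.conns:
            return "permit (existing connection)"
        ingress, egress = self._iface_for(src), self._iface_for(dst)
        # Inbound ACL: checked as the packet enters its ingress interface.
        if ingress.acl_in is not None and not acl_permits(ingress.acl_in, proto, src, dst, dport):
            return f"deny by inbound ACL on {ingress.name}"
        # Outbound ACL: checked as the packet leaves its egress interface.
        if egress.acl_out is not None and not acl_permits(egress.acl_out, proto, src, dst, dport):
            return f"deny by outbound ACL on {egress.name}"
        self.conns.add((proto, src, sport, dst, dport))
        return "permit (new connection)"

    def close(self, proto, src, sport, dst, dport):
        self.conns.discard((proto, src, sport, dst, dport))

def demo():
    # Constructed topology: the subnets and ACL contents are assumptions.
    inside = Interface("inside", "192.168.2.0/24",
                       acl_in=[("permit", "tcp", "192.168.2.0/24", "0.0.0.0/0", 80)])
    outside = Interface("outside", "0.0.0.0/0", acl_in=[])  # empty ACL: implicit deny only
    fw = Firewall([inside, outside])
    syn = ("tcp", "192.168.2.1", 65535, "192.168.1.1", 80)
    reply = ("tcp", "192.168.1.1", 80, "192.168.2.1", 65535)
    results = [fw.forward(*syn), fw.forward(*reply)]
    fw.close(*syn)                      # connection torn down
    results.append(fw.forward(*reply))  # late reply no longer matches a connection
    return results
```

Calling `demo()` returns the verdict for the initial packet, the in-connection reply, and the same reply after the connection has been closed.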