Cisco Support Community

Does CBAC require an inbound ACL to function?

Having issues getting CBAC to work - does my configuration also require an ACL inbound on the port config below that does "deny any any" etc., then CBAC uses this ACL to open ports selectively, etc.?

interface GigabitEthernet0/0
 description DS-WAN
 ip address
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 duplex full
 speed 100
 crypto map VPN_MAP
 service-policy output IPCoS




Does CBAC require an inbound ACL to function?

Hi Simon,

What about your CBAC is not 'working'?

If you do not have an ACL configured inbound, it will not affect your inspect outbound, but if this is a WAN interface, why wouldn't you have an ACL for inbound traffic?

Please provide more info such as what is not working, and what is the goal you're trying to achieve by implementing CBAC. With this information, I can be of more help.

Kind Regards, Kevin Sheahan, CCIE # 41349

Does CBAC require an inbound ACL to function?

Actually I'm double-checking my IT guy's config. He didn't put an ACL inbound. My understanding is that I should have an ACL for inbound and then CBAC piggy-backs on this ACL to open up for inbound traffic that matches the inspected outbound traffic by session ID etc.
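
An added example, not part of the thread: a Python audit that flags interfaces where `ip inspect ... out` is configured without an inbound `ip access-group`, which is the state of the GigabitEthernet0/0 config posted above. The sample config, the ACL name `WAN_IN` and the function name `audit_cbac` are constructed for illustration, and only named extended ACLs are parsed.

```python
import re

# Constructed sample: Gi0/0 mirrors the posted interface (inspect out, no
# inbound ACL); Gi0/1 pairs the same inspection rule with an inbound ACL.
SAMPLE = """\
ip access-list extended WAN_IN
 permit udp any any eq isakmp
 permit esp any any
 deny ip any any log
!
interface GigabitEthernet0/0
 description DS-WAN
 ip inspect SDM_LOW out
!
interface GigabitEthernet0/1
 ip access-group WAN_IN in
 ip inspect SDM_LOW out
"""

def audit_cbac(config):
    """Return {interface: finding} for each interface with 'ip inspect <name> out'."""
    acls, ifaces, current = {}, {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):        # a top-level line starts a new section
            m = re.match(r"(interface|ip access-list extended) (\S+)", raw)
            current = None
            if m:
                store = ifaces if m.group(1) == "interface" else acls
                current = store.setdefault(m.group(2), [])
        elif current is not None:
            current.append(raw.strip())
    findings = {}
    for name, lines in ifaces.items():
        if not any(re.fullmatch(r"ip inspect \S+ out", l) for l in lines):
            continue
        # CBAC adds temporary permits to an ACL; find the one applied inbound.
        acl = next((m.group(1) for l in lines
                    if (m := re.fullmatch(r"ip access-group (\S+) in", l))), None)
        if acl is None:
            findings[name] = "no inbound ACL: unsolicited inbound traffic is not filtered"
        elif acl not in acls:
            findings[name] = f"inbound ACL {acl} not found among named extended ACLs"
        elif any(l.startswith("permit ip any any") for l in acls[acl]):
            findings[name] = f"inbound ACL {acl} permits all IP"
        else:
            findings[name] = "ok"
    return findings

if __name__ == "__main__":
    for iface, finding in audit_cbac(SAMPLE).items():
        print(f"{iface}: {finding}")
```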

