
Securing Inbound Traffic when PAT is configured


A Cisco ASA 5520 is being used in our company network. We are distributing internet by using PAT against one global "public" IP address at the outside interface of the ASA.

Actually, the IP address of our proxy server is PAT within the ASA 5520.

Now we want to apply an ACL to filter some ports. But the ACL didn't work because I used the local IP address of the proxy server as the source address in the ACL.

So what is the way to block some ports so that LAN clients can't use these port services? I mean, what IP address should I put in the ACL's source address?

Kindly resolve my problem. I will be thankful to you.


Re: Securing Inbound Traffic when PAT is configured

A reflexive access list is triggered when a new IP upper-layer session (such as TCP or UDP) is initiated from inside your network, with a packet traveling to the external network. When triggered, the reflexive access list generates a new, temporary entry. This entry will permit traffic to enter your network if the traffic is part of the session, but will not permit traffic to enter your network if the traffic is not part of the session.

For example, if an outbound TCP packet is forwarded to outside of your network, and this packet is the first packet of a TCP session, then a new, temporary reflexive access list entry will be created. This entry is added to the reflexive access list, which applies to inbound traffic.
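The behaviour described in the reply above can be modelled in a few lines. This is an added example, not part of the original thread and not Cisco code: the class and function names, the 300-second idle timeout and all addresses are constructed for illustration, and it models only the mirrored temporary entry and its expiry.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class ReflexiveAcl:
    timeout: float = 300.0                       # assumed idle timeout, seconds
    entries: dict = field(default_factory=dict)  # mirrored 5-tuple -> expiry time

    def outbound(self, pkt: Packet, now: float) -> None:
        """Inside-initiated packet: create or refresh the temporary entry.
        The entry is the packet's 5-tuple with source and destination swapped,
        which is what the return traffic of that session will look like."""
        mirrored = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[mirrored] = now + self.timeout

    def inbound(self, pkt: Packet, now: float) -> bool:
        """Permit an inbound packet only if it matches a live temporary entry."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        expiry = self.entries.get(key)
        if expiry is None:
            return False                 # no inside host opened this session
        if now >= expiry:
            del self.entries[key]        # idle too long: entry is removed
            return False
        self.entries[key] = now + self.timeout
        return True

def demo() -> list:
    acl = ReflexiveAcl()
    # Constructed sample traffic: inside client 10.0.0.5, outside server 203.0.113.80.
    acl.outbound(Packet("tcp", "10.0.0.5", 51000, "203.0.113.80", 443), now=0)
    return [
        # Reply belonging to the session the client opened.
        acl.inbound(Packet("tcp", "203.0.113.80", 443, "10.0.0.5", 51000), now=1),
        # Same server, but a client port that never sent anything outbound.
        acl.inbound(Packet("tcp", "203.0.113.80", 443, "10.0.0.5", 51001), now=2),
        # Different outside host aiming at the open client port.
        acl.inbound(Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 51000), now=3),
        # Original session again, after the entry has been idle past the timeout.
        acl.inbound(Packet("tcp", "203.0.113.80", 443, "10.0.0.5", 51000), now=400),
    ]

if __name__ == "__main__":
    print(demo())
```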
