https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402806#M723988 <HTML><HEAD></HEAD><BODY><P>Mostly people only apply acl "IN" on an interface.&nbsp; We have seen cases where people apply acl IN and OUT on the same interface by mistake.</P><P>In some cases there as been a requirement. Like for example you have inside, dmz and outside.&nbsp; You manage inside and outside interface acl but another team manages the dmz acl.&nbsp; They allow everything on their interface but, you want to control what leaves the outside interface so, you can apply an acl OUT on the outside interface.</P><P></P><P>So, it depeds on the requirement.</P><P></P><P>-KS</P></BODY></HTML> Wed, 20 Jan 2010 16:55:53 GMT Kureli Sankar 2010-01-20T16:55:53Z https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402804#M723986 <P>Hi All,</P><P></P><P>For ASA, is there any standard or a need of having a in and out access-group for each inside or outside interface, or is it base on situation and requirement?</P><P></P><P>Regards,</P><P>Lawrence</P> Mon, 11 Mar 2019 16:59:18 GMT https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402804#M723986 noobieee7 2019-03-11T16:59:18Z https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402805#M723987 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>noobieee7 wrote:</P><P></P><P>Hi All,</P><P></P><P>For ASA, is there any standard or a need of having a in and out access-group for each inside or outside interface, or is it base on situation and requirement?</P><P></P><P>Regards,</P><P>Lawrence</P></PRE><P></P><P>Lawrence</P><P></P><P>It is based purely on situation and requirement. Inbound access-lists are by far the most commonly used but i have had situations in the past where an outbound acl has been very useful.</P><P></P><P>Jon</P></BODY></HTML> Wed, 20 Jan 2010 16:54:38 GMT https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402805#M723987 Jon Marshall 2010-01-20T16:54:38Z https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402806#M723988 <HTML><HEAD></HEAD><BODY><P>Mostly people only apply acl "IN" on an interface.&nbsp; We have seen cases where people apply acl IN and OUT on the same interface by mistake.</P><P>In some cases there as been a requirement. Like for example you have inside, dmz and outside.&nbsp; You manage inside and outside interface acl but another team manages the dmz acl.&nbsp; They allow everything on their interface but, you want to control what leaves the outside interface so, you can apply an acl OUT on the outside interface.</P><P></P><P>So, it depeds on the requirement.</P><P></P><P>-KS</P></BODY></HTML> Wed, 20 Jan 2010 16:55:53 GMT https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402806#M723988 Kureli Sankar 2010-01-20T16:55:53Z https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402807#M723989 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I would agree with above replies. Just to add, I would like to mention that on an interface you can apply one ACL per direction. Also please keep in mind mMore the number of ACLs more the packet processing done at each ifc in ASA.</P><P></P><P>Thanks</P><P></P><P>Vijaya</P></BODY></HTML> Thu, 21 Jan 2010 05:52:05 GMT https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402807#M723989 vilaxmi 2010-01-21T05:52:05Z https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402808#M723990 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><DIV class="jive-rendered-content"><P>Hi All,</P><P></P><P>For ASA, is there any standard or a need of having a in and out access-group for each inside or outside interface, or is it base on situation and requirement?</P><P></P><P>Regards,</P><P>Lawrence</P></DIV><P></P></PRE><P>Hi Lawrence,</P><P></P><P>Genrally it depends on the situation as good practices we used to do <STRONG>inbound acl</STRONG> with traffic flow coming inside to device in <STRONG>in</STRONG> direction.</P><P></P><P>HTH</P><P></P><P>Regards</P><P>Ganesh.H</P></BODY></HTML> Thu, 21 Jan 2010 10:40:18 GMT https://community.cisco.com/t5/network-security/asa-access-group/m-p/1402808#M723990 Ganesh Hariharan 2010-01-21T10:40:18Z