<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Strange behavior with Communication between sub-interfaces in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/strange-behavior-with-communication-between-sub-interfaces/m-p/1251728#M826925</link>
    <description>&lt;P&gt;I have a 5550 with 10 sub-interfaces (VLANs) configured on five physical interfaces. Each sub-interface has a different security level based on function. I've noticed that I only have to write an egress rule for traffic to pass from a lower security level interface to a higher security level interface. I would have thought I would need to write rules to allow the traffic in both the out and in directions. We are not using NAT, all public IP addresses. Any thoughts on this? Example: if I allow tcp port 3389 out of our production data VLAN to our admin VLAN, I only have to write an ACL that says allow tcp/3389 out of production data. I do not need to write an ACL that allows tcp/3389 into the admin VLAN. Is this normal behavior?&lt;/P&gt;</description>
    <pubDate>Mon, 11 Mar 2019 16:14:26 GMT</pubDate>
    <dc:creator>kbrinnehl</dc:creator>
    <dc:date>2019-03-11T16:14:26Z</dc:date>
    <item>
      <title>Strange behavior with Communication between sub-interfaces</title>
      <link>https://community.cisco.com/t5/network-security/strange-behavior-with-communication-between-sub-interfaces/m-p/1251728#M826925</link>
      <description>&lt;P&gt;I have a 5550 with 10 sub-interfaces (VLANs) configured on five physical interfaces. Each sub-interface has a different security level based on function. I've noticed that I only have to write an egress rule for traffic to pass from a lower security level interface to a higher security level interface. I would have thought I would need to write rules to allow the traffic in both the out and in directions. We are not using NAT, all public IP addresses. Any thoughts on this? Example: if I allow tcp port 3389 out of our production data VLAN to our admin VLAN, I only have to write an ACL that says allow tcp/3389 out of production data. I do not need to write an ACL that allows tcp/3389 into the admin VLAN. Is this normal behavior?&lt;/P&gt;</description>
      <pubDate>Mon, 11 Mar 2019 16:14:26 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/strange-behavior-with-communication-between-sub-interfaces/m-p/1251728#M826925</guid>
      <dc:creator>kbrinnehl</dc:creator>
      <dc:date>2019-03-11T16:14:26Z</dc:date>
    </item>
    <item>
      <title>Re: Strange behavior with Communication between sub-interfaces</title>
      <link>https://community.cisco.com/t5/network-security/strange-behavior-with-communication-between-sub-interfaces/m-p/1251729#M826955</link>
      <description>&lt;P&gt;Yes, it's normal. It's what makes up the stateful firewall.&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="http://en.wikipedia.org/wiki/Stateful_firewall" target="_blank"&gt;http://en.wikipedia.org/wiki/Stateful_firewall&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 10 Sep 2009 18:39:57 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/strange-behavior-with-communication-between-sub-interfaces/m-p/1251729#M826955</guid>
      <dc:creator>Collin Clark</dc:creator>
      <dc:date>2009-09-10T18:39:57Z</dc:date>
    </item>
  </channel>
</rss>

