
ACL in OR out direction

Ibrahim Jamil
Level 6

Hi folks

I wanna let some users access an outside application through the firewall, so what is the proper config for that?

inside (sec 100)

outside (sec 0)

So will the access-group be applied in the in direction on the outside or the out direction on the inside interface?

3 Replies

Yudong Wu
Level 7

By default, the adaptive security appliance allows traffic to flow freely from an inside network (higher security level) to an outside network (lower security level). Since ASA is a stateful firewall, the return traffic will be allowed automatically. So, you don't need to configure any ACL/access-group if you just would like to allow traffic from inside to outside.

You need to configure NAT to translate the internal private IP to a public IP.

Hi Friend

It didn't work until I added the below command

access-list outside_in permit tcp <172.40.4.0 255.255.255.0> eq 443

and this access-group is already applied on the outside in the in direction

access-group outside_in  in inter outside

access-list outside_in permit tcp <172.40.4.0 255.255.255.0> eq 443

The above ACL will allow 172.40.4/24 to initiate inbound traffic to your partner network on port TCP 443 from the low security interface (outside).

Yes, if the traffic is initiated from the low security side to the high security side, you must use an ACL to permit it on the low security interface.

I thought you were asking about allowing traffic from the high security side to the low security side.
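
The decision order discussed in this thread, as a simplified Python model added here as an example (it is not from any poster and is not Cisco code): replies to tracked connections pass, an inbound ACL decides new connections on its interface, and without an ACL only higher-to-lower security level traffic is allowed. The inside network 10.1.1.0/24, the ACL destination and the outside server 203.0.113.10 are constructed sample values; NAT and outbound ACLs are not modelled.

```python
# Simplified model of the interface policy described in this thread.
# Added example: not Cisco code. NAT and outbound ACLs are not modelled.
from ipaddress import ip_address, ip_network

SEC_LEVEL = {"inside": 100, "outside": 0}  # levels given in the question

class Firewall:
    def __init__(self):
        self.acl_in = {}    # interface -> [(src_net, dst_net, dst_port)] permits
        self.conns = set()  # connection table: (src, sport, dst, dport)

    def access_group_in(self, ifc, rules):
        """Bind an inbound ACL (permit entries only) to an interface."""
        self.acl_in[ifc] = [(ip_network(s), ip_network(d), p) for s, d, p in rules]

    def packet(self, in_ifc, out_ifc, src, sport, dst, dport):
        """Return (allowed, reason) for a TCP packet arriving on in_ifc."""
        # 1. Stateful check: reply belonging to a tracked connection.
        if (dst, dport, src, sport) in self.conns:
            return True, "return traffic"
        # 2. New connection: an inbound ACL on the ingress interface decides.
        if in_ifc in self.acl_in:
            ok = any(ip_address(src) in s and ip_address(dst) in d and dport == p
                     for s, d, p in self.acl_in[in_ifc])
            reason = "permitted by ACL" if ok else "implicit deny"
        else:
            # 3. No ACL bound: only higher -> lower security level is allowed.
            ok = SEC_LEVEL[in_ifc] > SEC_LEVEL[out_ifc]
            reason = "default permit" if ok else "default deny"
        if ok:
            self.conns.add((src, sport, dst, dport))
        return ok, reason

def demo():
    """Constructed sample flows; 10.1.1.x and 203.0.113.10 are made-up hosts."""
    fw = Firewall()
    # Inside user opens HTTPS to an outside application, then the reply.
    out = [fw.packet("inside", "outside", "10.1.1.10", 40000, "203.0.113.10", 443),
           fw.packet("outside", "inside", "203.0.113.10", 443, "10.1.1.10", 40000)]
    # Outside-initiated connection before and after the ACL is bound.
    out.append(fw.packet("outside", "inside", "172.40.4.5", 50000, "10.1.1.20", 443))
    fw.access_group_in("outside", [("172.40.4.0/24", "10.1.1.0/24", 443)])
    out.append(fw.packet("outside", "inside", "172.40.4.5", 50000, "10.1.1.20", 443))
    out.append(fw.packet("outside", "inside", "172.40.4.5", 50001, "10.1.1.20", 22))
    return out

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The last flow shows that once an ACL is bound to the outside interface, anything it does not permit falls to the implicit deny.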
