01-29-2013 05:32 PM - edited 03-11-2019 05:54 PM
Hello, I am new to firewalling and the ASA5510. I have inherited the management of a firewall. I have a quick question with regards to best practice.
I have attached a screen shot of the rules configured for the inside interface on our ASA5510.
Inside interface - this interface is into our internal network.
With the outgoing rules on this interface being "any any ip permit", does this mean that once traffic gets into our FW we are happy for any traffic to go into our internal network, even though the internal network interface security level is 100?
If anything I would swap the inside interface's rules around: incoming rules changed to outgoing and outgoing rules changed to incoming.
Forgive me if this is a stupid question. Is there any good documentation that explains data flow within the ASA5510?
01-30-2013 01:53 AM
Inside interface - this interface is into our internal network. With the outgoing rules on this interface being any any ip permit does this mean once traffic gets into our FW we are happy for any traffic to go into our internal network even though the internal network interface security level is 100?
No, these are rules that are set for your inside interface. Traffic that comes to your firewall on the outside interface (this is what is normally connected to the internet) will be inspected using the incoming rules on your outside interface. By default, flow from a lower security-level interface to a higher security-level interface will not be allowed, unless there is a NAT/access rule in place.
These links explain how traffic flows in an ASA; hope this helps:
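To make the answer's point concrete, here is an added Python model (not from this thread or from Cisco) of how the ASA picks a verdict for a new connection: if an ACL is bound inbound on the ingress interface it governs (with the implicit deny at the end), otherwise the security-level default applies. The interface names, addresses and ACL entries below are constructed, and NAT and stateful return traffic are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Ace:                        # one access-list entry (simplified model)
    action: str                   # "permit" or "deny"
    proto: str = "ip"             # "ip" matches any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "ip" or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))

@dataclass
class Interface:
    name: str
    security_level: int
    acl_in: Optional[list] = None  # ACL bound with "access-group <acl> in interface <name>"

def decide(ingress: Interface, egress: Interface, pkt: dict) -> tuple:
    """Verdict for a new connection entering `ingress` and leaving via `egress`."""
    if ingress.acl_in is not None:
        # A bound ACL replaces the security-level default; first match wins,
        # and anything unmatched hits the implicit deny at the end of the list.
        for ace in ingress.acl_in:
            if ace.matches(pkt):
                return ace.action, f"matched ACE on {ingress.name}"
        return "deny", f"implicit deny at end of ACL on {ingress.name}"
    if ingress.security_level > egress.security_level:
        return "permit", "higher to lower security level, no ACL bound"
    # Equal levels also need "same-security-traffic permit inter-interface".
    return "deny", "lower (or equal) to higher security level, no ACL bound"

# Constructed interfaces: inside carries the "permit ip any any" from the question.
INSIDE = Interface("inside", 100, acl_in=[Ace("permit")])
OUTSIDE_NO_ACL = Interface("outside", 0)
OUTSIDE_WITH_ACL = Interface("outside", 0, acl_in=[Ace("permit", "tcp", dst="192.0.2.10/32", dport=443)])

def scenarios() -> dict:
    out_pkt = {"proto": "tcp", "src": "10.1.1.5", "dst": "198.51.100.7", "dport": 80}
    in_https = {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 443}
    in_ssh = {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 22}
    return {"inside->outside": decide(INSIDE, OUTSIDE_NO_ACL, out_pkt)[0],
            "outside->inside, no outside ACL": decide(OUTSIDE_NO_ACL, INSIDE, in_https)[0],
            "outside->inside https, outside ACL": decide(OUTSIDE_WITH_ACL, INSIDE, in_https)[0],
            "outside->inside ssh, outside ACL": decide(OUTSIDE_WITH_ACL, INSIDE, in_ssh)[0]}
```

The inside "permit ip any any" only decides what inside hosts may start; what reaches the internal network from outside is decided by the outside interface's inbound ACL or, absent one, by the security levels.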