01-18-2023 11:15 AM
Hello.
I am unclear on ASA 5525 ACL traffic behavior...
If an ACL is implemented on an interface in one direction, are packets within this session that have been permitted by that ACL automatically allowed back in from the other side during that same session?
In other words: is it true that ASA ACLs are inherently bi-directional if the initiator of the communication was permitted through the firewall?
Thank you.
01-18-2023 11:20 AM
@jmaxwellUSAF yes, the ASA is a stateful firewall, so return traffic is permitted automatically.
01-18-2023 11:20 AM
If an ACL is implemented on an interface in one direction, are packets within this session that have been permitted by that ACL automatically allowed back in from the other side during that same session? Yes.
The traffic initiated from one interface is checked by the ACL applied IN on that interface, and then the traffic builds a conn in the ASA;
this conn is used for the return traffic.
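The answers above describe the mechanism in two steps: the ACL on the ingress interface is evaluated only for the first packet of a flow, and a connection (conn) entry is then what admits the reply traffic. The following is an added illustration, not code from the thread or from Cisco: a small Python model of that behaviour. The interface names, addresses, the ACL contents and the packet sequence are all constructed for the example; a real ASA applies an ACL with `access-group <name> in interface <if>` and lists the conn table with `show conn`.

```python
# Added example: a minimal model of a stateful firewall with an inbound ACL
# on one interface and a connection table. All values below are constructed
# for illustration; they are not taken from any real ASA configuration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # interface the packet arrives on
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# ACL entries: (proto, src, dst, dport, action); "any"/None act as wildcards.
# The "inside" list models an ACL applied IN on the inside interface.
# Every ASA ACL ends with an implicit deny, shown here explicitly.
ACLS = {
    "inside": [
        ("tcp", "any", "any", 443, "permit"),
        ("any", "any", "any", None, "deny"),
    ],
    # Nothing is explicitly permitted inbound on "outside": a new flow arriving
    # there is dropped unless it matches an existing conn.
    "outside": [
        ("any", "any", "any", None, "deny"),
    ],
}


class StatefulFirewall:
    def __init__(self):
        # Conn entries are stored as the initiator's 5-tuple.
        self.conns = set()

    def _acl_permits(self, pkt):
        """Evaluate the ACL on the ingress interface; first match wins."""
        for proto, src, dst, dport, action in ACLS.get(pkt.ingress_if, []):
            if (proto in ("any", pkt.proto) and src in ("any", pkt.src)
                    and dst in ("any", pkt.dst) and dport in (None, pkt.dport)):
                return action == "permit"
        return False  # implicit deny

    def process(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Step 1: a packet belonging to an existing conn (either direction)
        # is forwarded without consulting the ACL at all.
        if key in self.conns or reverse in self.conns:
            return "permit (conn)"
        # Step 2: first packet of a new flow -> the ingress ACL decides,
        # and a permitted flow gets a conn entry for its return traffic.
        if self._acl_permits(pkt):
            self.conns.add(key)
            return "permit (acl, conn built)"
        return "deny"


def walk_through():
    """Inside host opens HTTPS outbound; reply comes back; unrelated inbound is dropped."""
    fw = StatefulFirewall()
    syn = Packet("inside", "tcp", "10.1.1.10", 51000, "203.0.113.5", 443)
    syn_ack = Packet("outside", "tcp", "203.0.113.5", 443, "10.1.1.10", 51000)
    # Same server, but a flow nobody on the inside initiated.
    unsolicited = Packet("outside", "tcp", "203.0.113.5", 443, "10.1.1.10", 52000)
    return [fw.process(syn), fw.process(syn_ack), fw.process(unsolicited)]


if __name__ == "__main__":
    for verdict in walk_through():
        print(verdict)
```

The third packet is the point worth noticing when reviewing an ASA policy: the ACL on the inside interface never makes the firewall "bi-directional" in the sense of opening the outside interface. Only traffic that matches a conn created by a permitted initiator gets back in; anything else arriving on the outside interface is still judged by that interface's own ACL (here, deny everything).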