07-19-2012 01:36 PM - edited 03-11-2019 04:32 PM
I'm a newbie, so be easy on me....
I connected to an ASA 5510 at work.
I checked the GUI for creating access rules.
I see that by default all rules are created as incoming, and only by choosing "more options" can an outgoing rule be set.
Is there any reason for this? Why is this option "hidden"?
07-20-2012 01:00 AM
Incoming is the most used access-list, where it is incoming towards the interface. Outgoing is seldom used, as it is outgoing off the interface.
Don't be confused by the terms incoming and outgoing: they don't mean incoming and outgoing off the firewall, but incoming and outgoing off the ASA interfaces.
07-20-2012 02:06 AM
If, for example, I want to block 10 different user VLANs from accessing 1 server VLAN,
wouldn't I place a deny access rule outgoing on the server VLAN interface?
Or would I place it incoming on each user VLAN's interface?
07-20-2012 02:55 AM
You can configure 10 different ACLs incoming on each user VLAN interface, or you can create 1 ACL outgoing on the server VLAN interface.
Either way is fine; typically you would see which needs the fewest ACL lines and apply it accordingly.
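
The two placements discussed in this thread, side by side as ASA CLI. This is an added example, not part of the original posts; the interface names (`users1`, `users2`, `servers`), ACL names and all subnets are constructed, and it assumes that everything other than user-to-server traffic should stay permitted.

```cisco
! Constructed addressing: user VLANs 10.1.1.0/24 - 10.1.10.0/24, server VLAN 10.9.0.0/24

! --- Option A: inbound ACL on each user VLAN interface (one per interface, 10 in total) ---
access-list USERS1_IN extended deny ip 10.1.1.0 255.255.255.0 10.9.0.0 255.255.255.0
! Once an ACL is applied, its implicit deny replaces the default security-level
! behaviour for this interface, so other traffic needs an explicit permit.
access-list USERS1_IN extended permit ip any any
access-group USERS1_IN in interface users1

access-list USERS2_IN extended deny ip 10.1.2.0 255.255.255.0 10.9.0.0 255.255.255.0
access-list USERS2_IN extended permit ip any any
access-group USERS2_IN in interface users2
! ... repeat the same three lines for users3 through users10

! --- Option B: a single outbound ACL on the server VLAN interface ---
object-group network USER_VLANS
 network-object 10.1.1.0 255.255.255.0
 network-object 10.1.2.0 255.255.255.0
 network-object 10.1.3.0 255.255.255.0
 network-object 10.1.4.0 255.255.255.0
 network-object 10.1.5.0 255.255.255.0
 network-object 10.1.6.0 255.255.255.0
 network-object 10.1.7.0 255.255.255.0
 network-object 10.1.8.0 255.255.255.0
 network-object 10.1.9.0 255.255.255.0
 network-object 10.1.10.0 255.255.255.0
access-list SERVERS_OUT extended deny ip object-group USER_VLANS 10.9.0.0 255.255.255.0
! The outbound ACL also ends in an implicit deny; permit whatever else must reach the servers.
! Traffic still has to pass the inbound check on the interface it arrived on.
access-list SERVERS_OUT extended permit ip any 10.9.0.0 255.255.255.0
access-group SERVERS_OUT out interface servers

! Verify hit counts on the deny lines after testing
show access-list SERVERS_OUT
```

With Option A the denied packets are dropped as they enter the ASA; with Option B they are dropped as they leave toward the server VLAN, and a user VLAN added later is blocked only once it is added to `USER_VLANS`.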