Solved: Cisco ASA Outside Interface (1 outgoing rule)

Matt S · ‎04-24-2017

Do I need to configure access list rules for the outside interface outbound traffic?

Right now I have one configuration on the Outside interface

Firewall# sh run | i outside_access_out
access-list outside_access_out extended permit object-group DM_INLINE_SERVICE_4 any any
access-list outside_access_out_1 extended permit object-group DM_INLINE_SERVICE_8 any4 any4
access-group outside_access_out_1 out interface outside

Jon Marshall · ‎04-24-2017

In general yes I would say it is not really necessary in most cases.

Jon

View solution in original post

Jon Marshall · ‎04-24-2017

It is up to you really and how you want to control your traffic.

In my experience the most common acl is the one applied inbound to the outside interface but that doesn't mean you cannot use acls in other directions.

Is there something specific you were trying to achieve ?

Jon

Matt S · ‎04-24-2017

There isn't anything specifically; I am just trying to follow best practice I guess. So would you say that normally the outside outbound isn't really necessary to configure unless explicitly trying to block or permit something?

Jon Marshall · ‎04-24-2017

In general yes I would say it is not really necessary in most cases.

Jon