05-19-2010 07:13 AM - edited 03-11-2019 10:48 AM
Hey guys,
Do you know the command if I wanted to have one-way traffic for a host on the ASA 5520?
05-19-2010 09:19 AM
What exactly do you mean by one way traffic ?
Jon
05-19-2010 09:55 AM
For instance, if a server was only able to send traffic out the firewall interface but not receive.......
or for the server to receive traffic but not send.... I know it sounds a little confusing, but it's how it has to be...
I know about duplex, but this is a different scenario..
Permit one-way traffic from a host to a destination on a firewall....
05-19-2010 10:00 AM
The firewall is going to allow return traffic. If you want your server to accept traffic on port 80, then set your ACL up on the outside interface (assuming you want the public to get to it) and they'll be able to. You won't be able to do a "one-way" scenario though because of the way TCP works. It has to be able to answer the syn packet that's sent, so if you open anything up it would need to be bidirectional.
If you want to allow only your server out to the web, but not allow anyone to it or allow the server anywhere else, put an acl on the dmz or inside (wherever your server is) and only allow that one server through that one port. Everything else would be denied and no one would be able to get to it from the outside because you're not allowing sessions to be created from the outside.
If this doesn't answer your question, it'd be helpful if you told us your exact scenario.
HTH,
John
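As an added illustration of the two scenarios John describes (this is a constructed configuration fragment, not something posted in the thread), the following ASA ACL setup shows how the stateful connection table makes the "one-way" restriction a question of which side may initiate, not which side may send packets. The interface names, addresses and ports are assumptions; whether the ACL must reference the server's real or translated address depends on the ASA software version, so check the NAT documentation for the release in use.

```text
! Constructed example, not from the original post. Assumes an interface
! named "outside" (security-level 0) and one named "dmz" (security-level
! 50), with the web server at 10.10.10.5 (placeholder address).

! Scenario 1: the public may reach the server on TCP/80 only.
! The ASA records the session in its connection table, so the server's
! SYN/ACK and data replies are allowed back automatically; there is no
! separate "return" rule to write, and the reply direction cannot be
! blocked without breaking TCP.
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.5 eq 80
access-group OUTSIDE_IN in interface outside

! Scenario 2: the server may open connections outbound on TCP/443 and
! nothing else may initiate in either direction. The implicit deny at
! the end of an applied ACL drops everything not listed, and with no
! permit on the outside interface no external host can start a session
! to the server.
access-list DMZ_OUT extended permit tcp host 10.10.10.5 any eq 443
access-group DMZ_OUT in interface dmz

! Verification: hit counts increment on the matching permit line, and
! the connection table lists each flow with its initiator.
show access-list OUTSIDE_IN
show conn address 10.10.10.5
```

The two `show` commands are the quick check for the behaviour described: if a session appears in `show conn` for the server, it was permitted as an initiated connection, and its replies ride on that state entry rather than on any inbound rule.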