Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2560
Views
0
Helpful
3
Replies

Question Re: Cisco ASA inbound and outbound access lists

sphar
Level 1
Level 1

‎03-05-2020 07:08 PM - edited ‎03-05-2020 07:14 PM

Hi Everyone,

 

We are using a shared Cisco ASA firewall that is managed by an external ISP.

 

I'm trying to get my head around the confusing terminology for the outbound and inbound interfaces that have ACL permit rules as follows:

 

OUTBOUND

company_out applied to COMPANY interface as an outbound access list.
access-list company_out line
ACLs are always permit <external IP> to <internal Company IP> eq port

Question: Shouldn't it be the other way round so we are permitting/allowing the internal IP 'out to' the external IP?


INBOUND

company_in Applied to COMPANY interface as an inbound access list.
access-list company_in line
ACLs are always permit ip <Company internal IP> to <External IP> eq port

Question: Shouldn't it be the other way round so we are permitting/allowing the external IP 'in to' the internal IP?

 

Thanks in advance.

0 Helpful
3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni

‎03-05-2020 09:05 PM

Hi

Inbound acl means traffic entering the firewall interface and Outbound means traffic leaving interface,
For example, with your inbound you control internal subnets to access external subnets on your inside interface. The outbound applied to this same interface means you will allow the external IPs to communicate with internal IPs. Usually this outbound is placed on the outside interface as inbound acl.
I hope it's clear.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

sphar
Level 1
Level 1
In response to Francesco Molino

‎03-05-2020 09:11 PM

Thank you Francesco for the reply.

 

Would you have any good source links with images explaining the above?

 

I have found a few below, but still not 100% clear unless I can visualise the interfaces!

 

Steve

 

https://blog.router-switch.com/2014/02/cisco-acls-in-and-out-on-cisco-asa/

http://www.techspacekh.com/access-control-list-acl-with-cisco-asa-firewall-appliance/

https://daveonsecurity.wordpress.com/2017/02/20/cisco-asa-fundamentals-part-2/

 

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to sphar

‎03-05-2020 09:23 PM

The 2nd and 3rd link are pretty much showing everything, I don't have any documentation showing better images. I'm sorry.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card