
Reflexive access-lists

mikedelafield
Level 1

Just a quick open question I hope.

After recently reading about reflexive access-lists on Routers I was wondering if they are required on Cisco PIX or ASAs?

Or is this kind of thing taken care of as default behaviour on a security module such as this?

Thanks.

1 Reply

jeremyault
Level 1

Reflexive access lists allow you to dynamically open up your filtering router to allow reply packets back through, in response to an outbound TCP connection or UDP session initiated from within your network.

This is exactly what the ASA's stateful inspection does by default. It allows traffic from a higher security level (inside interface) to a lower security level (outside interface) and only lets traffic from the lower security level interface to a higher security level interface (from outside to inside) if it's part of a response to an outbound request -- or if the traffic is explicitly permitted inbound on an ACL.

Hope that helps.
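The comparison made in the reply above, shown as configuration. This is an added example, not part of the original thread; the ACL names, interface names, and the 192.0.2.10 server address are constructed for illustration.

```cisco
! --- IOS router: return traffic must be handled with a reflexive ACL ---
ip access-list extended OUTBOUND-FILTER
 ! Each outbound TCP/UDP session creates a temporary mirrored
 ! entry in the reflexive list REPLY-TRAFFIC
 permit tcp any any reflect REPLY-TRAFFIC
 permit udp any any reflect REPLY-TRAFFIC
!
ip access-list extended INBOUND-FILTER
 ! Only packets matching a temporary entry are let back in
 evaluate REPLY-TRAFFIC
 deny ip any any log
!
interface GigabitEthernet0/1
 description outside (constructed interface name)
 ip access-group OUTBOUND-FILTER out
 ip access-group INBOUND-FILTER in
!
! Idle lifetime of temporary entries, in seconds
ip reflexive-list timeout 120

! --- ASA: the same behaviour comes from security levels ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
! No ACL is needed for replies to inside-initiated TCP/UDP sessions;
! the connection table admits them. An ACL is only needed for
! traffic that is initiated from the outside, for example:
access-list OUTSIDE-IN extended permit tcp any host 192.0.2.10 eq 443
access-group OUTSIDE-IN in interface outside
```

On the router, `show ip access-lists` lists the temporary reflected entries while sessions are active; on the ASA, `show conn` shows the equivalent connection-table state.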
