ACL IN or IN AND OUT?

burnit
Level 1

Good day!

I have a question regarding the ACL.

For security reason, is it better to configure in and outbound rules to deny both directions, or just the inbound rules?

Or do you prefer to create an inbound rule for the other VLAN network to deny it in both directions?

So if I want to allow one port, I would have to allow this in two rules instead of one.

What is your best practice?

Kind regards,

Brian

2 Replies

Hello,


That's a difficult question to answer because it will boil down to your company's requirements.

To answer your other question about allowing a port in both directions: it depends, again. Does the source/destination port change or stay the same? If you send out HTTPS packets (port 443), does the return traffic use port 443? Probably not, since it'll be the port the PC used as its source port.

The broader answer to your question, I suppose, would be: restrict everything you can and allow only what's needed, as best as you can.

All in all you need to understand the packet flow and applications of your network to better understand which ACLs would be beneficial.


Hope that helps.

-David
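David's point about the return traffic not arriving on port 443 is easy to get wrong when writing the reverse-direction rule. The following is an added example, not code from the thread or from Cisco: a small Python model of stateless extended-ACL evaluation (first match wins, implicit deny at the end, a simplified `established` that checks only the TCP ACK flag). The addresses, the VLAN 10 prefix, the web server, and the ephemeral port 51234 are all constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


# Packet as a stateless router ACL sees it (hypothetical simplified model).
@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    ack: bool = False  # TCP ACK flag; clear only on the first SYN of a connection


# One access-list entry, modelled loosely on IOS extended ACL semantics.
@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src_net: str                     # "any" or a CIDR prefix
    dst_net: str
    src_port: Optional[int] = None   # None matches any port
    dst_port: Optional[int] = None
    established: bool = False        # simplified 'established': match only if ACK is set


def _in_net(ip: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def _matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_net(pkt.src_ip, rule.src_net)
            and _in_net(pkt.dst_ip, rule.dst_net)
            and (rule.src_port is None or rule.src_port == pkt.src_port)
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port)
            and (not rule.established or pkt.ack))


def evaluate(acl: list, pkt: Packet) -> str:
    """First matching entry wins; the list ends with an implicit deny."""
    for rule in acl:
        if _matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed topology: client PCs in VLAN 10, a web server somewhere else.
VLAN10 = "10.1.10.0/24"
PC = "10.1.10.25"
WEB = "203.0.113.5"

# Applied inbound on the VLAN 10 SVI (packets coming from the PCs): allow HTTPS out.
ACL_VLAN10_IN = [Rule("permit", VLAN10, "any", dst_port=443)]

# A tempting but wrong "mirror" for the reverse direction: it expects the reply
# to arrive with DESTINATION port 443, which never happens.
ACL_VLAN10_OUT_WRONG = [Rule("permit", "any", VLAN10, dst_port=443)]

# Correct reverse rule: the reply carries SOURCE port 443 and the PC's ephemeral
# port as destination; 'established' rejects packets that do not belong to a
# session the PC started.
ACL_VLAN10_OUT = [Rule("permit", "any", VLAN10, src_port=443, established=True)]


def demo() -> dict:
    request = Packet(PC, WEB, 51234, 443, ack=False)      # PC opens the connection (SYN)
    reply = Packet(WEB, PC, 443, 51234, ack=True)         # server's SYN/ACK and data
    unsolicited = Packet(WEB, PC, 443, 51234, ack=False)  # new SYN from outside using src port 443
    return {
        "request_in": evaluate(ACL_VLAN10_IN, request),
        "reply_wrong_mirror": evaluate(ACL_VLAN10_OUT_WRONG, reply),
        "reply_out": evaluate(ACL_VLAN10_OUT, reply),
        "unsolicited_out": evaluate(ACL_VLAN10_OUT, unsolicited),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

Running it shows the request permitted, the reply dropped by the naive mirror rule (destination port is 51234, not 443), the reply permitted by the source-port-443 rule, and an unsolicited SYN that merely uses source port 443 still denied because the ACK flag is clear. This is the reason a one-port allowance often becomes two rules when you filter both directions with stateless ACLs, and why the second rule has to describe the reply, not repeat the request.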

I need to decide the ACL IN/OUT, then I will draw the topology and mark the inbound and outbound traffic, and then finally I will put the ACL in the right position.
