08-25-2016 04:25 AM - edited 03-08-2019 07:08 AM
Hello all,
I am trying to add an inbound firewall rule to allow tcp from any host if the connection was established from the inside.
I have tried this but don't get the option for the established keyword.
Can anyone advise if I am missing something?
access-list IN-BASIC-PERMIT extended permit tcp any any ***
ASA version is 8.4.
Thanks
Matt
08-25-2016 04:37 AM
Cisco ASAs are stateful, so you don't need to add an additional rule for established connections like on a Cisco router.
08-25-2016 04:41 AM
Hi Pawan,
Thank you for the quick reply.
So if I understand correctly, anything that goes out of the firewall is allowed back in as it is automatically determined as established?
Regards
Matt
08-25-2016 04:54 AM
Yes, that's why we call it a stateful firewall. If forward traffic for any connection is allowed, then return traffic for that connection is permitted by default.
Regards,
Pawan (CCIE #52104)
Kindly rate for useful post
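The difference discussed in this thread, modeled as an added example that is not part of the original posts and is not Cisco code: a router ACL's `established` keyword matches on the TCP ACK/RST flag bits alone, while a stateful firewall permits return traffic only when it mirrors a flow in its connection table. The `Packet` class, the function names and the addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits


@dataclass(frozen=True)
class Packet:  # constructed model, not an ASA data structure
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    inbound: bool  # True = arrives on the outside interface


def stateless_established(pkt):
    """Router-style `established` match: only the ACK/RST bits are inspected."""
    return pkt.inbound and bool(pkt.flags & (ACK | RST))


class StatefulFirewall:
    """Toy connection table: outbound is allowed, inbound only as a reply."""

    def __init__(self):
        self.conns = set()

    def permit(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if not pkt.inbound:
            if pkt.flags == SYN:  # new outbound connection: record it
                self.conns.add(flow)
            return flow in self.conns
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.conns  # reply must mirror a recorded flow


def demo():
    # Constructed sample packets (documentation address ranges).
    fw = StatefulFirewall()
    syn = Packet("10.0.0.5", 40000, "203.0.113.10", 443, SYN, False)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 40000, SYN | ACK, True)
    stray = Packet("198.51.100.7", 443, "10.0.0.5", 40001, ACK, True)
    return {
        "outbound_syn": fw.permit(syn),
        "stateful_reply": fw.permit(reply),
        "stateful_stray": fw.permit(stray),
        "stateless_reply": stateless_established(reply),
        "stateless_stray": stateless_established(stray),
    }
```

The flag-only match accepts the unsolicited `stray` segment, which is why the stateful ASA needs no inbound `established` rule and is the stricter of the two.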