Hi,
I have created one ACL on the ASA permitting only ICMP/HTTP traffic inbound on
the outside interface, and one ACL permitting ICMP/Telnet outbound on the outside
interface.
access-list OUT_IN extended permit icmp any any echo
access-list OUT_IN extended permit icmp any any echo-reply
access-list OUT_IN extended permit tcp any host 10.0.0.100 eq www
access-list OUT_OUT extended permit icmp any any echo
access-list OUT_OUT extended permit icmp any any echo-reply
access-list OUT_OUT extended permit tcp any any eq telnet
How is the return traffic for telnet permitted when (if I remove the ICMP ACE
from OUT_IN) the return traffic for ICMP is not...
I am asking the question from the perspective that after we put an outbound ACL
on the outside interface it will override the default inspection...and whatever
traffic we permit in the ACL will be allowed outside...
Received on Thu Feb 18 2010 - 23:19:13 ART