Firewall questions

Hi guys,

I have a basic ASA firewall question. Let's say I have an ASA 5510 and I use one of the interfaces for an internal network (192.168.1.0/24) and the other interface is routed out to the internet. How do I configure the firewall to let all connections outbound but no connections back inbound, except for those that were initiated internally?

So I have it configured to allow all connections outbound right now: internal -> Any Permit

But on the outbound interface, the only way I can get it to work is setting Any -> internal Permit.

I didn't really want to have the "Any to internal, permit" rule, but this is the only way to make it work. Shouldn't the ASA know state and allow those connections that are initiated internally to be accepted? So that the only rule from the outbound interface to internal should be deny all?

Thanks!

tweaked540

You should not need an ACL for returning traffic. Please post sh nat and sh access-list.

Artie Lange

Hi, that is part of the built-in stateful session tracking: when a connection is initiated from a trusted interface (inside) to an untrusted interface (outside), a "pin-hole" is created in the firewall automatically to allow that traffic to flow in either direction. Only use ACLs if you want to allow traffic from the outside to initiate to the inside.

Flamer.

die.spam
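As an added illustration (not from any of the posters), here is the pre-8.3 ASA configuration the thread describes, with the unnecessary outside-to-inside permit rule shown beside the version that relies on the ASA's stateful connection table. Interface names, ACL names, the 203.0.113.0/24 outside addressing and the 198.51.100.7 test address are assumptions.

```cisco
! Interfaces: the security levels alone already allow new connections
! inside -> outside (100 -> 0) and block new connections outside -> inside (0 -> 100).
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Outbound: explicit permit for the internal subnet (what the poster already has).
access-list inside_in extended permit ip 192.168.1.0 255.255.255.0 any
access-group inside_in in interface inside
!
! WEAK (what the poster added to "make it work"): this opens the inside network
! to any connection initiated from the Internet, not just return traffic.
! access-list outside_in extended permit ip any 192.168.1.0 255.255.255.0
! access-group outside_in in interface outside
!
! CORRECT: no permit is needed on the outside interface. Return packets of an
! inside-initiated session match an entry in the connection table (show conn)
! and are never evaluated against the interface ACL; everything else hits the
! implicit deny at the end of the ACL (or the 0 -> 100 check if no ACL is applied).
! A deny-only ACL just makes the drops visible in the log.
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
!
! Note: ICMP is only tracked statefully when "inspect icmp" is enabled in the
! global policy-map; without it, replies to inside-initiated pings hit this deny.
!
! Outbound PAT so return traffic has a translation to come back through
! (pre-8.3 syntax, as on an ASA 5510 of this era; 8.3+ uses object NAT instead).
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
!
! Verify: a new inbound SYN from the Internet is dropped by the outside ACL,
! while an inside-initiated flow shows up in the connection table.
! packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.2 80
! show conn
```

If returning traffic still fails with only the deny ACL on the outside, the problem is almost always the NAT configuration rather than the ACL, which is why the earlier reply asks for sh nat and sh access-list.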

On Tue, 19 May 2009, snipped-for-privacy@gmail.com wrote:
Hi, please excuse me for the stupid question: does the ASA use the same CLI as the PIX?

Thanks in advance

Cheers!

nino

Pretty much. The interface is the same, but there are features in the ASA that are not available on the PIX. For example, HTTPS VPN.

Artie Lange
