Howdy,
On a PIX515 6.3 It is my understnading that Outbound traffic is allowed by default.
This ACL allows outbound traffic, i.e. SMTP to an Internet mail server.
access-list acl_collector permit icmp any any access-list acl_collector permit ip any any access-list acl_collector permit tcp 192.168.10.0 255.255.255.0 any eq ssh access-group acl_collector in interface collector
This ACL DOES NOT allow outbound traffic, i.e. SMTP to the same Internet mail server.
access-list acl_collector permit icmp any any access-list acl_collector permit ip any any access-list acl_collector permit tcp 192.168.10.0 255.255.255.0 any eq ssh access-group acl_collector in interface collector
What am I missing here? If I have this correct then the "ip any any" rule is OK or should it be set to "ip local_interface_subnet any"?
Thanks, Dan Foxley