[c-nsp] Cisco ASA return traffic with explicit deny on outside interface
Christopher Werny
cwerny at ernw.de
Thu Oct 9 15:42:56 EDT 2014
Good Evening,
I know that might seem a simple and easy question, but I wasn't able to find an exact answer (but maybe my google-fu has just failed me or my brain just needs some sleep).
I have an ASA running 8.4 in a pretty simple setup with 2 interfaces (inside/outside). I have 2 ACLs where one is applied inbound on the inside, and one ACL applied inbound on the outside interface. The outside ACL has an explicit deny ip any any statement for logging purposes.
I am wondering, does return traffic (for connections originated on the inside network) get through the ASA with the explicit deny ip any any statement in the outside ACL? I know it works without an ACL applied to the outside interface, but the explicit deny got me thinking. I haven't a device with me to test it, unfortunately.
Thanks for your time.
Best,
Christopher