[c-nsp] Cisco ASA return traffic with explicit deny on outside interface
Roland Dobbins
rdobbins at arbor.net
Thu Oct 9 15:51:40 EDT 2014
On Oct 10, 2014, at 2:42 AM, Christopher Werny <cwerny at ernw.de> wrote:
> I am wondering, does return traffic (for connections originated on the inside network) get through the ASA with the explicit deny ip any any statement in the outside ACL?
IIRC, there's some variation of 'permit established', and a bunch of UDP-tracking stuff, too.
Someone else will likely be able to give more detailed answers.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön