[c-nsp] Cisco ASA return traffic with explicit deny on outside interface

Roland Dobbins rdobbins at arbor.net
Thu Oct 9 15:51:40 EDT 2014


On Oct 10, 2014, at 2:42 AM, Christopher Werny <cwerny at ernw.de> wrote:

> I am wondering, does return traffic (for connections originated on the inside network) get through the ASA with the explicit deny ip any any statement in the outside ACL?

IIRC, there's some variation of 'permit established', and a bunch of UDP-tracking stuff, too.

Someone else will likely be able to give more detailed answers.

----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön



