[c-nsp] Cisco ASA return traffic with explicit deny on outside interface
Pete Lumbis
alumbis at gmail.com
Thu Oct 9 19:29:16 EDT 2014

Perhaps you are thinking of standard IOS ACL rules, specifically reflexive
ACLs? Or maybe the "established" keyword on standard ACLs that looks for an
ACK flag?

On Thu, Oct 9, 2014 at 4:23 PM, Roland Dobbins <rdobbins at arbor.net> wrote:
>
> On Oct 10, 2014, at 2:56 AM, Pete Lumbis <alumbis at gmail.com> wrote:
>
> > Existing connections skip the ACL check.
>
> Is there a knob/stanza for this? If so, is 'permit established' the
> default?
>
> ----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Equo ne credite, Teucri.
>
> -- Laocoön
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>