[c-nsp] Cisco ASA return traffic with explicit deny on outside interface
Roland Dobbins
rdobbins at arbor.net
Fri Oct 10 03:01:36 EDT 2014
On Oct 10, 2014, at 6:29 AM, Pete Lumbis <alumbis at gmail.com> wrote:
> Perhaps you are thinking of standard IOS ACL rules, specifically reflexive ACLs? Or maybe the "established" keyword on standard ACLs that looks for an ACK flag?
I was thinking of this:
<http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/ef.html#wp1927618>
The default config is to allow all returned traffic from the 'outside' to the 'inside'.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön