Chapter 18 Permitting Or Denying Network Access; Inbound And Outbound Access List Overview - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Permitting or Denying Network Access
(Chapter 18 of the Cisco Security Appliance Command Line Configuration Guide, OL-12172-03)

This chapter describes how to control network access through the security appliance using access lists. To create an extended access list or an EtherType access list, see Chapter 16, "Identifying Traffic with Access Lists."

Note: You use ACLs to control network access in both routed and transparent firewall modes. In transparent mode, you can use both extended ACLs (for Layer 3 traffic) and EtherType ACLs (for Layer 2 traffic).
To access the security appliance interface for management access, you do not need an access list allowing the host IP address. You only need to configure management access according to Chapter 40, "Managing System Access."

This chapter includes the following sections:
- Inbound and Outbound Access List Overview
- Applying an Access List to an Interface

Inbound and Outbound Access List Overview

By default, all traffic from a higher-security interface to a lower-security interface is allowed. Access lists let you either allow traffic from lower-security interfaces, or restrict traffic from higher-security interfaces.

The security appliance supports two types of access lists:
- Inbound—Inbound access lists apply to traffic as it enters an interface.
- Outbound—Outbound access lists apply to traffic as it exits an interface.

Note: "Inbound" and "outbound" refer to the application of an access list on an interface, either to traffic entering the security appliance on an interface or traffic exiting the security appliance on an interface. These terms do not refer to the movement of traffic from a lower security interface to a higher security interface, commonly known as inbound, or from a higher to lower interface, commonly known as outbound.

An outbound access list is useful, for example, if you want to allow only certain hosts on the inside networks to access a web server on the outside network. Rather than creating multiple inbound access lists to restrict access, you can create a single outbound access list that allows only the specified hosts
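The outbound case described in the overview, written out as an added example (not taken from the Cisco manual): one access list applied outbound on the outside interface, permitting only listed hosts to reach a single web server. The access list name OUTSIDE_OUT, the interface name outside and all addresses (documentation ranges) are constructed for illustration, and the host addresses are assumed to be the ones the traffic carries when it exits the outside interface.

```cisco
! Constructed example: the list name and all addresses are placeholders.
! Permit only three hosts to reach the web server 198.51.100.25 on TCP port 80.
hostname(config)# access-list OUTSIDE_OUT extended permit tcp host 192.0.2.4 host 198.51.100.25 eq www
hostname(config)# access-list OUTSIDE_OUT extended permit tcp host 192.0.2.6 host 198.51.100.25 eq www
hostname(config)# access-list OUTSIDE_OUT extended permit tcp host 192.0.2.8 host 198.51.100.25 eq www
! Apply the list to traffic as it exits the outside interface ("out"),
! instead of maintaining one inbound list per inside interface.
hostname(config)# access-group OUTSIDE_OUT out interface outside
! Confirm the binding and check which entries are matching traffic.
hostname# show running-config access-group
hostname# show access-list OUTSIDE_OUT
```

Because every access list ends in an implicit deny, any other traffic exiting the outside interface is dropped once this list is applied, so add permit entries for whatever else must leave through that interface.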


This manual is also suitable for:

ASA 5500 series
