Inbound vs. Outbound Access?

What is the difference between Full access vs. Outbound-Only access on a firewall? Can you give some examples of programs that need Inbound and Outbound access and just Outbound Access?

1 Answer

  • Anonymous
    1 decade ago
    Best Answer

    Inbound access lists are applied to packets coming into the interface. The inbound list is applied before other things such as routing decisions, crypto maps, route maps, etc.

    Outbound lists are applied to packets leaving the interface. Since the packet is leaving the interface, most other packet functions have already been applied.

    Here are some examples:

    interface FastEthernet4
     description External Interface
     ip address W.X.Y.Z 255.255.255.248
     ip access-group 160 in
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     duplex full
     speed 100
     no cdp enable
     crypto map vpn_map

    access-list 160 permit esp any host W.X.Y.Z
    access-list 160 permit gre any host W.X.Y.Z
    access-list 160 permit udp any host W.X.Y.Z eq isakmp
    access-list 160 permit ahp any host W.X.Y.Z
    access-list 160 permit tcp host E.F.G.H host W.X.Y.Z eq 3389
    access-list 160 permit tcp host R.S.T.U host W.X.Y.Z eq 3389
    access-list 160 deny tcp any host W.X.Y.Z eq 3389 log
    access-list 160 deny ip any any

    In the above example the interface f4 connects to the Internet. The inbound access list allows some packets through and blocks others. The letters are just put in place of IP address octets. Since it is an inbound list, packets going out of the interface (to the Internet) are not affected, but packets coming in (from the Internet) are permitted or denied according to the access list.
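
The first-match behaviour of the answer's access-list 160, modelled as an added example that is not part of the original answer and is not router code. The RFC 5737 documentation addresses standing in for W.X.Y.Z, E.F.G.H and R.S.T.U, and the function names, are assumptions made for illustration.

```python
# Added example: first-match evaluation of the answer's access-list 160.
# Constructed stand-ins (RFC 5737 documentation addresses) for the placeholders.
SUBST = {"W.X.Y.Z": "203.0.113.10", "E.F.G.H": "198.51.100.5",
         "R.S.T.U": "198.51.100.9"}
PORTS = {"isakmp": 500}  # IOS keyword for UDP port 500

ACL_160 = """\
access-list 160 permit esp any host W.X.Y.Z
access-list 160 permit gre any host W.X.Y.Z
access-list 160 permit udp any host W.X.Y.Z eq isakmp
access-list 160 permit ahp any host W.X.Y.Z
access-list 160 permit tcp host E.F.G.H host W.X.Y.Z eq 3389
access-list 160 permit tcp host R.S.T.U host W.X.Y.Z eq 3389
access-list 160 deny tcp any host W.X.Y.Z eq 3389 log
access-list 160 deny ip any any
"""

def _addr(tok):
    """Consume 'any' or 'host <addr>' from the token list; None means any."""
    if tok.pop(0) == "any":
        return None
    name = tok.pop(0)
    return SUBST.get(name, name)

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop 'access-list 160'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = None
        if tok[:1] == ["eq"]:
            port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
        rules.append((action, proto, src, dst, port, line))
    return rules

def evaluate(rules, direction, proto, src, dst, dport=None):
    """Return (verdict, matching line). The list is bound with
    'ip access-group 160 in', so packets leaving the interface skip it."""
    if direction != "in":
        return "not-evaluated", None
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action, line  # first match wins; later entries are ignored
    return "deny", "implicit deny"  # IOS ends every ACL with an implicit deny

RULES = parse(ACL_160)
```

In this model, RDP (TCP 3389) from the two listed hosts is permitted, RDP from any other source hits the logged deny, and all other inbound TCP, including replies to connections opened from inside, falls through to `deny ip any any` because the list as shown has no stateful or `established` entry.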
