Firewall Wizards mailing list archives

New to Cisco PIX/ ASA


From: "Keith A. Glass" <salgak () speakeasy net>
Date: Wed, 1 Aug 2007 18:41:53 -0400

I've managed Gauntlets, Checkpoints, Netscreens, and SonicWalls in the past.

I'm a bit confused with the ins and outs of the ASA firewalls.

I'm setting up an HA pair, my Eth0/0 is my interior interface, trust level
100, Eth 0/1 and 0/2 are my IP and State heartbeats, and Eth 1/0 is my
external interface, trust level 1.

Am I correct in my understanding that if I want two-way traffic, traffic is
not blocked to a lower trust level, so I need only write a rule to pass the
traffic between the endpoints from the external interface to the internal
interface, and the reply traffic is taken care of?? Or do I have to write
a reverse rule, from the internal interface to the external as well???
