Chapter 15: Permitting or Denying Network Access
This chapter describes how to control network access through the FWSM using access lists. To create an
extended access list or an EtherType access list, see Chapter 13, "Identifying Traffic with Access Lists."
Note: You use access lists to control network access in both routed and transparent firewall modes. In
transparent mode, you can use both extended access lists (for Layer 3 traffic) and EtherType access lists
(for Layer 2 traffic).
To access the FWSM interface for management access, you do not also need an access list allowing the
host IP address. You only need to configure management access according to Chapter 23, "Configuring
Management Access."
This chapter includes the following sections:
• Inbound and Outbound Access List Overview
• Applying an Access List to an Interface
Inbound and Outbound Access List Overview
Traffic flowing across an interface in the FWSM can be controlled in two ways. Traffic that enters the
FWSM can be controlled by attaching an inbound access list to the source interface. Traffic that exits the
FWSM can be controlled by attaching an outbound access list to the destination interface. To allow any
traffic to enter the FWSM, you must attach an inbound access list to an interface; otherwise, the FWSM
automatically drops all traffic that enters that interface. By default, traffic can exit the FWSM on any
interface unless you restrict it using an outbound access list, which adds restrictions to those already
configured in the inbound access list.
Note: "Inbound" and "outbound" refer to the application of an access list on an interface, either to traffic
entering the FWSM on an interface or traffic exiting the FWSM on an interface. These terms do not refer
to the movement of traffic from a lower security interface to a higher security interface, commonly
known as inbound, or from a higher to lower interface, commonly known as outbound.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01