1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Inbound Vs Outbound Access List????

Discussion in 'General Cisco Certifications' started by hetauda, Jul 15, 2006.

  1. hetauda

    hetauda New Member

    Hi there!
    I'm confused with the implementation of inbound Vs outbound access list. The difference, as far as i understand, is when the packets are processed through access list..... before going through routing process or after (correct me if i'm wrong)

    But i don't understand the result of it ...or even why have these two types in the first place!!!!!!!!!

    Please help.
  2. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    Inbound access lists are applied to packets coming into the interface. The inbound list is applied before other things such as routing descisions, crypto maps, route maps, etc.

    Outbound lists are applied to packets leaving the interface. Since the packet is leaving the interface, most other packet functions have already been applied.

    Here are some examples:

    interface FastEthernet4
    description External Interface
    ip address W.X.Y.Z
    ip access-group 160 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map vpn_map

    access-list 160 permit esp any host W.X.Y.Z
    access-list 160 permit gre any host W.X.Y.Z
    access-list 160 permit udp any host W.X.Y.Z eq isakmp
    access-list 160 permit ahp any host W.X.Y.Z
    access-list 160 permit tcp host E.F.G.H host W.X.Y.Z eq 3389
    access-list 160 permit tcp host R.S.T.U host W.X.Y.Z eq 3389
    access-list 160 deny tcp any host W.X.Y.Z eq 3389 log
    access-list 160 deny ip any any

    In the above example the interface f4 connects to the Internet. The inbound access list allows some packets through and blocks others. The letters are just put in place of ip address octets. Since it is an inbound list, packets going out of the interface (to the Internet) are not affected, but packets coming in (from the Internet) are permitted or denied according to the access list.

    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP

Share This Page