Inbound Vs Outbound Access List????

Discussion in 'General Cisco Certifications' started by hetauda, Jul 15, 2006.

  1. hetauda

    hetauda New Member

    Hi there!
    I'm confused by the implementation of inbound vs. outbound access lists. The difference, as far as I understand, is when the packets are processed through the access list: before going through the routing process or after (correct me if I'm wrong).

    But I don't understand the result of it... or even why have these two types in the first place!

    Please help.
     
  2. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    Inbound access lists are applied to packets coming into the interface. The inbound list is applied before other things such as routing decisions, crypto maps, route maps, etc.

    Outbound lists are applied to packets leaving the interface. Since the packet is leaving the interface, most other packet functions have already been applied.

    Here are some examples:

    interface FastEthernet4
    description External Interface
    ip address W.X.Y.Z 255.255.255.248
    ip access-group 160 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map vpn_map

    access-list 160 permit esp any host W.X.Y.Z
    access-list 160 permit gre any host W.X.Y.Z
    access-list 160 permit udp any host W.X.Y.Z eq isakmp
    access-list 160 permit ahp any host W.X.Y.Z
    access-list 160 permit tcp host E.F.G.H host W.X.Y.Z eq 3389
    access-list 160 permit tcp host R.S.T.U host W.X.Y.Z eq 3389
    access-list 160 deny tcp any host W.X.Y.Z eq 3389 log
    access-list 160 deny ip any any

    In the above example, the interface f4 connects to the Internet. The inbound access list allows some packets through and blocks others. The letters are just put in place of IP address octets. Since it is an inbound list, packets going out of the interface (to the Internet) are not affected, but packets coming in (from the Internet) are permitted or denied according to the access list.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER, MCP
    WIP: CCIE
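
Added example, not part of either post: a small Python model of access-list 160 bound with `ip access-group 160 in`, showing first-match evaluation, the final deny, and that packets leaving the interface are never checked against an inbound list. The addresses are constructed stand-ins from documentation ranges for W.X.Y.Z, E.F.G.H and R.S.T.U, and the function names are hypothetical.

```python
# Constructed stand-in addresses (RFC 5737 ranges); the thread only gives letters.
ROUTER = "203.0.113.2"      # W.X.Y.Z
ADMIN_A = "198.51.100.10"   # E.F.G.H
ADMIN_B = "198.51.100.20"   # R.S.T.U

# (action, protocol, source, destination, destination port); "any"/None = wildcard
ACL_160 = [
    ("permit", "esp", "any", ROUTER, None),
    ("permit", "gre", "any", ROUTER, None),
    ("permit", "udp", "any", ROUTER, 500),     # eq isakmp
    ("permit", "ahp", "any", ROUTER, None),
    ("permit", "tcp", ADMIN_A, ROUTER, 3389),
    ("permit", "tcp", ADMIN_B, ROUTER, 3389),
    ("deny",   "tcp", "any", ROUTER, 3389),    # the entry carrying "log"
    ("deny",   "ip",  "any", "any", None),
]

# Only the inbound direction has a list bound, as on FastEthernet4 in the post.
BOUND = {"in": ACL_160}

def match(rule, pkt):
    """True if the packet satisfies every field of one ACL entry."""
    _, proto, src, dst, port = rule
    return (proto in ("ip", pkt["proto"])
            and src in ("any", pkt["src"])
            and dst in ("any", pkt["dst"])
            and port in (None, pkt.get("dport")))

def evaluate(acl, pkt):
    """Return (action, 1-based entry number) of the first matching entry."""
    for n, rule in enumerate(acl, 1):
        if match(rule, pkt):
            return rule[0], n
    return "deny", None  # implicit deny that ends every access list

def interface_filter(pkt, direction):
    """Consult only the list bound to the direction the packet travels."""
    acl = BOUND.get(direction)
    if acl is None:
        return "permit", None  # nothing bound this way: packet is not filtered
    return evaluate(acl, pkt)
```
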
