• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1862
  • Last Modified:

ASA EGRESS AND INGRESS

Experts,

Assume I have an ASA 5510 with a very basic setup.

int e0/0 is the outside interface that is connected to the internet.
int e0/1 is the inside interface.

Now, computer 10.10.10.10 from the inside network browses the internet 4.4.4.4.

question 1: When I run a packet capture on this; is the inside interface the INGRESS interface and the outside interface the EGRESS interface?

question 2: If I want to see the return traffic coming back to 10.10.10.10 from 4.4.4.4, would I still look at the ingress capture? It looks like when you run a packet capture and specify an interface for ingress it automatically shows outbound and inbound traffic on that interface. Is that correct?
0
trojan81
Asked:
trojan81
1 Solution
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
1) Yes. Ingress means inbound. Since the packet is coming IN TO the firewall from the inside interface, that is the ingress. The packet is going OUT FROM the outside interface, therefore it is the egress (outbound) interface.

2) When you capture packets on an interface, you see ALL packets, both ingress packets (packets entering the firewall on that interface) AND egress packets (packets leaving the firewall).

Best regards
Kvistofta
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now