Bi-directional ACL: same ports for outbound & inbound
I have a server in the DMZ with the IP address 192.168.101.202. I want this server to be accessible from the outside world through these ports: 809 8400, 80 (for outbound and inbound traffic).
This is my configuration:
static (dmz, outside) 80.80.10.2 192.168.101.202 netmask 255.255.255.255 0 0
What I did is this (for inbound traffic):
access-list FROM_OUTSIDE_TO_DMZ permit tcp any host 80.80.10.2 eq 80
access-list FROM_OUTSIDE_TO_DMZ permit tcp any host 80.80.10.2 eq 443
access-list FROM_OUTSIDE_TO_DMZ permit tcp any host 80.80.10.2 eq 8200
Do I need to configure the below as well (for the outbound traffic)?
access-list FROM_DMZ_TO_OUTSIDE permit tcp host 192.168.101.202 host 80.80.10.2 eq 80
access-list FROM_DMZ_TO_OUTSIDE permit tcp host 192.168.101.202 host 80.80.10.2 eq 443
access-list FROM_DMZ_TO_OUTSIDE permit tcp host 192.168.101.202 host 80.80.10.2 eq 8200
access-group FROM_OUTSIDE_TO_DMZ in interface outside
If the outbound and inbound traffic communicate on different ports, then it is obvious we have to configure an access-list in both directions, but does this also apply when outbound and inbound traffic communicate on the same ports?
Note: the public IP address is fake.