I am looking at some configurations for Cisco FWSM devices and I notice a common notation for an ACL name called inside_access_in. But I am commonly seeing ACEs that are for allowing internal machines to access specific resources on the "outside".
My question is this: Why do they call it inside_access_in? Why not call it inside_access_out?
The ACL you're talking about is typically applied to traffic coming into the interface named "inside". The ACL is used to limit traffc that's bound for the "outside", but often it's applied with the command:
access-group inside_access_in in interface inside
So, you're limiting outbound access by limiting the traffic that can come into the firewall from the machines attempting to access the outside! >smile<
Because it's the name of the interface "inside" that you're pointing at. In other words you're going "in" to the inside interface.
