Difference between IP Access-Group In and Out


(Jason B) #1

Hello,

I have a question related to ip access-group inside and outside.

Why is it that when creating access-lists it will match if it's on the outside and why not on the inside?
I am totally confused with both.

I do know that traffic is passing through, but how to know when to use inside or outside direction?

Because I cannot find any tutorial explaining that.


(Rene Molenaar) #2

Hi Jason,

Let’s say you have a router with 5 LAN interfaces and 1 WAN interface. You want to restrict traffic from LAN > WAN. There are two options:

  1. Put the same access-list inbound on all 5 LAN interfaces.
  2. Put the same access-list outbound on the single WAN interface.

Both will do the job; you can block packets, but option two is probably a bit more convenient in this scenario.

Rene
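
The two placements from the reply above, modelled as an added example that is not part of the original posts. It goes one step beyond the thread: with a permit-only access-list, both options treat LAN > WAN traffic the same, but the inbound placement also drops LAN-to-LAN traffic through the implicit deny. Assumptions: the `Router` class, interface names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Router:
    nets: dict                                 # interface -> connected network
    acls: dict = field(default_factory=dict)   # (interface, "in"|"out") -> ACL

    def egress(self, dst):
        """Connected LAN if the destination is on one, otherwise the WAN."""
        for ifname, net in self.nets.items():
            if ifname != "wan" and ip_address(dst) in ip_network(net):
                return ifname
        return "wan"

    @staticmethod
    def permitted(acl, src, dst):
        """First matching entry wins; no match means the implicit deny."""
        for action, s, d in acl:
            if ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d):
                return action == "permit"
        return False

    def forward(self, in_if, src, dst):
        """Return (forwarded?, egress interface or the ACL that dropped it)."""
        acl = self.acls.get((in_if, "in"))
        if acl is not None and not self.permitted(acl, src, dst):
            return False, f"{in_if} in"      # dropped before routing
        out_if = self.egress(dst)
        acl = self.acls.get((out_if, "out"))
        if acl is not None and not self.permitted(acl, src, dst):
            return False, f"{out_if} out"    # dropped after routing
        return True, out_if

# Constructed addressing: five LANs, one WAN, one allowed WAN destination.
LANS = {f"lan{i}": f"10.0.{i}.0/24" for i in range(1, 6)}
NETS = {**LANS, "wan": "0.0.0.0/0"}
ACL = [("permit", "10.0.0.0/8", "198.51.100.0/24")]  # rest: implicit deny

def option1():  # same ACL inbound on all 5 LAN interfaces
    return Router(NETS, {(n, "in"): ACL for n in LANS})

def option2():  # same ACL outbound on the single WAN interface
    return Router(NETS, {("wan", "out"): ACL})

if __name__ == "__main__":
    for dst in ("198.51.100.5", "203.0.113.10", "10.0.2.20"):
        for name, r in (("option 1", option1()), ("option 2", option2())):
            print(dst, name, r.forward("lan1", "10.0.1.10", dst))
```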