topic Re: How to allow any traffic destined for ASA firewall itself. in Network Access Control

How to allow any traffic destined for ASA firewall itself.

Senthil Murugan — Fri, 21 Feb 2020 18:45:21 GMT

Hi - We have ASA 5516-X firewall in our infra; we have a requirement to allow any service from vulnerability scanner to scan the ASA firewall device.

What is the way to allow this traffic as we cannot use interface ACL to restrict the acccess

Regards

Senthil Murugan

Karsten Iwen — Tue, 13 Feb 2018 09:34:49 GMT

There is no single switch to allow this. You have to allow it service by service like that:

ssh IP-OF-VUL-SCANNER 255.255.255.255 inside
http IP-OF-VUL-SCANNER 255.255.255.255 inside

Senthil Murugan — Tue, 13 Feb 2018 09:37:54 GMT

Thanks Karsten, unfortunately that is not practically possible for all 65535 service and that too both TCP & UDP.

Is there anyway i can give "any" service for those scanner IPs to scan the Firewall.