https://community.cisco.com/t5/network-security/asa-acl-help/m-p/4508471#M1085378 <P class="">Those ACLs are permitting and denying IPs, protocols, etc…, for example:</P><P class="">&nbsp;</P><P class="">access-list outside-acl line 1 extended permit tcp any interface outside eq 3389:</P><P class="">&nbsp;</P><P class="">Permits tcp from any interface to outside. That applies when equals to port 3389 &nbsp;which used for&nbsp;<STRONG>Microsoft WBT Server</STRONG>, used for Windows Remote Desktop and Remote Assistance connections (RDP - Remote Desktop Protocol).</P><P class="">ASA has an implicit deny.</P><P class="">&nbsp;</P><P class=""><STRONG>I would read the following documentation for better understanding:</STRONG></P><P class=""><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html#ID-2069-0000011a" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html#ID-2069-0000011a</A></P><P class="">&nbsp;</P><P class=""><A href="https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html?referring_site=RE&amp;pos=3&amp;page=https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html?referring_site=RE&amp;pos=3&amp;page=https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html</A></P><P class="">&nbsp;</P><P class=""><STRONG>In addition, if you have some spare time you can read this book which not only will teach about ACLs but ASA overall:</STRONG></P><P class=""><A href="https://www.amazon.com/dp/1587143070?tag=uuid10-20" target="_blank" rel="noopener">https://www.ciscopress.com/store/cisco-asa-all-in-one-next-generation-firewall-ips-and-9781587143076</A></P> Thu, 25 Nov 2021 18:58:16 GMT BmfL 2021-11-25T18:58:16Z https://community.cisco.com/t5/network-security/asa-acl-help/m-p/4508462#M1085376 <P>Hello,</P><P>&nbsp;</P><P>Fairly new to ASA, have done some limited work in the past.&nbsp; Wondering if someone could give me a quick run down on what the following ACL statements do and, following the last statement, is it implicit "deny"?</P><P>&nbsp;</P><P>access-list outside-acl; 4 elements; name hash: 0x9bea1c52</P><P>access-list outside-acl line 1 extended permit tcp any interface outside eq 3389</P><P>access-list outside-acl line 2 remark Allow pinging of firewall</P><P>access-list outside-acl line 3 extended permit icmp any interface outside echo</P><P>access-list outside-acl line 4 extended permit icmp any interface outside echo-reply</P><P>access-list outside-acl line 5 extended deny ip any any log informational interval 300</P><P>access-list dmz-acl; 4 elements; name hash: 0x282e44f8</P><P>access-list dmz-acl line 1 extended permit udp any any eq ntp</P><P>access-list dmz-acl line 2 extended permit ip any host 10.74.0.27</P><P>access-list dmz-acl line 3 extended permit ip host 172.22.12.16 any log informational interval 300</P><P>access-list dmz-acl line 4 remark 'allow backup'</P><P>access-list dmz-acl line 5 extended permit ip any host 10.101.0.160</P><P>access-list nat-acl; 1 elements; name hash: 0xf4b526c2</P><P>access-list nat-acl line 1 extended permit ip 172.22.0.0 255.255.0.0 any</P><P>&nbsp;</P><P>Any help is appreciated!</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 25 Nov 2021 18:00:33 GMT https://community.cisco.com/t5/network-security/asa-acl-help/m-p/4508462#M1085376 newbiefromfortinet 2021-11-25T18:00:33Z https://community.cisco.com/t5/network-security/asa-acl-help/m-p/4508471#M1085378 <P class="">Those ACLs are permitting and denying IPs, protocols, etc…, for example:</P><P class="">&nbsp;</P><P class="">access-list outside-acl line 1 extended permit tcp any interface outside eq 3389:</P><P class="">&nbsp;</P><P class="">Permits tcp from any interface to outside. That applies when equals to port 3389 &nbsp;which used for&nbsp;<STRONG>Microsoft WBT Server</STRONG>, used for Windows Remote Desktop and Remote Assistance connections (RDP - Remote Desktop Protocol).</P><P class="">ASA has an implicit deny.</P><P class="">&nbsp;</P><P class=""><STRONG>I would read the following documentation for better understanding:</STRONG></P><P class=""><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html#ID-2069-0000011a" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html#ID-2069-0000011a</A></P><P class="">&nbsp;</P><P class=""><A href="https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html?referring_site=RE&amp;pos=3&amp;page=https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html?referring_site=RE&amp;pos=3&amp;page=https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html</A></P><P class="">&nbsp;</P><P class=""><STRONG>In addition, if you have some spare time you can read this book which not only will teach about ACLs but ASA overall:</STRONG></P><P class=""><A href="https://www.amazon.com/dp/1587143070?tag=uuid10-20" target="_blank" rel="noopener">https://www.ciscopress.com/store/cisco-asa-all-in-one-next-generation-firewall-ips-and-9781587143076</A></P> Thu, 25 Nov 2021 18:58:16 GMT https://community.cisco.com/t5/network-security/asa-acl-help/m-p/4508471#M1085378 BmfL 2021-11-25T18:58:16Z