https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521718#M1085942 <P>Hi</P><P>So hope ive been getting this right if i want to block traffic to and from the same addresses I creat a rule it would be as the below</P><P>&nbsp;</P><P><STRONG>source</STRONG> ANY&nbsp; &nbsp;<STRONG>destination</STRONG> ANY&nbsp; <STRONG>source networks</STRONG>&nbsp;23.33.44.55&nbsp;&nbsp;<STRONG>destination networks</STRONG>&nbsp;22.33.44.55&nbsp;&nbsp;<STRONG>Source ports</STRONG>&nbsp;Any&nbsp;&nbsp;<STRONG>Dest ports</STRONG>&nbsp;ANY</P><P>&nbsp;</P><P><STRONG>and block with reset</STRONG></P><P>&nbsp;</P><P><STRONG>??</STRONG></P> Mon, 20 Dec 2021 17:46:59 GMT benolyndav 2021-12-20T17:46:59Z https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521718#M1085942 <P>Hi</P><P>So hope ive been getting this right if i want to block traffic to and from the same addresses I creat a rule it would be as the below</P><P>&nbsp;</P><P><STRONG>source</STRONG> ANY&nbsp; &nbsp;<STRONG>destination</STRONG> ANY&nbsp; <STRONG>source networks</STRONG>&nbsp;23.33.44.55&nbsp;&nbsp;<STRONG>destination networks</STRONG>&nbsp;22.33.44.55&nbsp;&nbsp;<STRONG>Source ports</STRONG>&nbsp;Any&nbsp;&nbsp;<STRONG>Dest ports</STRONG>&nbsp;ANY</P><P>&nbsp;</P><P><STRONG>and block with reset</STRONG></P><P>&nbsp;</P><P><STRONG>??</STRONG></P> Mon, 20 Dec 2021 17:46:59 GMT https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521718#M1085942 benolyndav 2021-12-20T17:46:59Z https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521722#M1085943 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> You'd need 2 rules, 1 from "any" to 22.33.44.55 block with reset and another from 22.33.44.55 to "any" block with reset.</P> Mon, 20 Dec 2021 17:52:55 GMT https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521722#M1085943 Rob Ingram 2021-12-20T17:52:55Z https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521743#M1085944 <P>Hi Rob</P><P>Thanks&nbsp;</P><P>Traffic the other way would be blocked anyway unless explicitly allowed from Outside to inside so is the 2nd rule even needed?</P><P>&nbsp;</P><P>Thanks</P> Mon, 20 Dec 2021 19:01:26 GMT https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521743#M1085944 benolyndav 2021-12-20T19:01:26Z https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521746#M1085945 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> sure if you've an explict or implict deny rule at the bottom of the ACP from outside to inside, then yes it would not be needed.</P> Mon, 20 Dec 2021 19:06:09 GMT https://community.cisco.com/t5/network-security/access-control-policy-rule/m-p/4521746#M1085945 Rob Ingram 2021-12-20T19:06:09Z