https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5123760#M1113311 <P>I would suggest 7.2 Code is too old, there many things changed after that, so better upgrade latest to 9.16 (last released for that product) - when you upgrade many things are changed so your old configuration may not work as expected, so read the changes and make necessary changes as needed.</P> <P>you can have ACL only Allow IP and rest deny in the ACL is that not works for you ?</P> <P>other way you can only add required address to NAT, rest they will be not allowed. (may be bit of manual task that work)</P> <P>&nbsp;</P> Mon, 03 Jun 2024 19:10:38 GMT balaji.bandi 2024-06-03T19:10:38Z https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5123309#M1113281 <P>Hi everyone,&nbsp;</P><P>Im use ASA 5506-X ver 7.2. I know all traffic can flow from Higher Security Level to Lower Security level but Is it possible to create a limit IP list can accessing outside and how I can configure this?</P><P>Thanks</P> Mon, 03 Jun 2024 10:32:35 GMT https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5123309#M1113281 anhnt621994 2024-06-03T10:32:35Z https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5123322#M1113286 <P>if you try to tune access to asa interface itself Use control-plane ACL</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221457-configure-control-plane-access-control-p.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221457-configure-control-plane-access-control-p.html</A></P> <P>if other please can you more elaborate&nbsp;</P> <P>MHM</P> Mon, 03 Jun 2024 11:12:31 GMT https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5123322#M1113286 MHM Cisco World 2024-06-03T11:12:31Z https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5123760#M1113311 <P>I would suggest 7.2 Code is too old, there many things changed after that, so better upgrade latest to 9.16 (last released for that product) - when you upgrade many things are changed so your old configuration may not work as expected, so read the changes and make necessary changes as needed.</P> <P>you can have ACL only Allow IP and rest deny in the ACL is that not works for you ?</P> <P>other way you can only add required address to NAT, rest they will be not allowed. (may be bit of manual task that work)</P> <P>&nbsp;</P> Mon, 03 Jun 2024 19:10:38 GMT https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5123760#M1113311 balaji.bandi 2024-06-03T19:10:38Z https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5126475#M1113380 <P>Thank for your reply.</P><P>I tried to add ACL here (file attached) but I can't override the access of security level 100, any IP in this interface can reach other. Do I need to choose other level security for this interface and apply ACL?</P><P>Sorry my knowledge is not good so I dont know how to use control plan access control in my situation.&nbsp;</P><P>About the version, because the device place in OT network so we cant update usually.</P> Thu, 06 Jun 2024 11:42:11 GMT https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5126475#M1113380 anhnt621994 2024-06-06T11:42:11Z https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5126530#M1113382 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ASA ACL.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/220211iFD1235D694E05E41/image-size/large?v=v2&amp;px=999" role="button" title="ASA ACL.png" alt="ASA ACL.png" /></span></P> Thu, 06 Jun 2024 13:22:12 GMT https://community.cisco.com/t5/network-security/control-traffic-higher-security-level-to-lower-security-level/m-p/5126530#M1113382 MHM Cisco World 2024-06-06T13:22:12Z