topic Can not get ACL work on AS Firewall in Network Security https://community.cisco.com/t5/network-security/can-not-get-acl-work-on-as-firewall/m-p/4026380#M22745 <P>Gents ,&nbsp;</P><P>I have a ASA 5506 Firewall work as a transparent mood.&nbsp; I am trying to add ACL to port 1 and 2 to accept only 2 specific ip address to that port.</P><P>this ASA have BVI interface&nbsp; that assigned to PORT 1 and PORT 2 on the firewall.</P><P>ASA giga Port 1 must accept only device that contain ip 10.1.1.1 and ASA giga port 2 must accept only device that contain the ip&nbsp; 10.1.1.2 .&nbsp;</P><P>Both ports are on the same security level and traffic transport between same security level is enabled. ASA is not connected to internet.</P><P>&nbsp;</P><P>&nbsp;I try to write an ACL as follows :</P><P>create an object</P><P>&nbsp;</P><P>object network FBM<BR />host 10.1.1.1</P><P>&nbsp;</P><P>Create ACL<BR />access-list BLK&nbsp; extended permit ip object FBM any</P><P>&nbsp;</P><P>access-group<BR />access-group BLK&nbsp; in interface prod</P><P>&nbsp;</P><P>Interface:<BR />interface GigabitEthernet1/1<BR />bridge-group 99<BR />nameif prod<BR />security-level 100<BR />!</P><P>But&nbsp; when i try to connect host 10.1.1.4 to the interface 1 It let me still ping to 10.1.1.3 (BVI interface).&nbsp; what i want to achieve is it should not let anything inn if the ip address is not 10.1.1.1&nbsp; on port 1 .&nbsp;</P><P>&nbsp;</P><P>Can you help pls ?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 09 Feb 2020 11:51:58 GMT LANSK 2020-02-09T11:51:58Z Can not get ACL work on AS Firewall https://community.cisco.com/t5/network-security/can-not-get-acl-work-on-as-firewall/m-p/4026380#M22745 <P>Gents ,&nbsp;</P><P>I have a ASA 5506 Firewall work as a transparent mood.&nbsp; I am trying to add ACL to port 1 and 2 to accept only 2 specific ip address to that port.</P><P>this ASA have BVI interface&nbsp; that assigned to PORT 1 and PORT 2 on the firewall.</P><P>ASA giga Port 1 must accept only device that contain ip 10.1.1.1 and ASA giga port 2 must accept only device that contain the ip&nbsp; 10.1.1.2 .&nbsp;</P><P>Both ports are on the same security level and traffic transport between same security level is enabled. ASA is not connected to internet.</P><P>&nbsp;</P><P>&nbsp;I try to write an ACL as follows :</P><P>create an object</P><P>&nbsp;</P><P>object network FBM<BR />host 10.1.1.1</P><P>&nbsp;</P><P>Create ACL<BR />access-list BLK&nbsp; extended permit ip object FBM any</P><P>&nbsp;</P><P>access-group<BR />access-group BLK&nbsp; in interface prod</P><P>&nbsp;</P><P>Interface:<BR />interface GigabitEthernet1/1<BR />bridge-group 99<BR />nameif prod<BR />security-level 100<BR />!</P><P>But&nbsp; when i try to connect host 10.1.1.4 to the interface 1 It let me still ping to 10.1.1.3 (BVI interface).&nbsp; what i want to achieve is it should not let anything inn if the ip address is not 10.1.1.1&nbsp; on port 1 .&nbsp;</P><P>&nbsp;</P><P>Can you help pls ?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 09 Feb 2020 11:51:58 GMT https://community.cisco.com/t5/network-security/can-not-get-acl-work-on-as-firewall/m-p/4026380#M22745 LANSK 2020-02-09T11:51:58Z Re: Can not get ACL work on AS Firewall https://community.cisco.com/t5/network-security/can-not-get-acl-work-on-as-firewall/m-p/4026502#M22746 <P>You need to deny the ICMP packets using the ICMP deny command.</P> <P>If you want to deny all packets on a specific interface use the following command.</P> <P>icmp deny 0.0.0.0 0.0.0.0 echo prod</P> Sun, 09 Feb 2020 21:28:11 GMT https://community.cisco.com/t5/network-security/can-not-get-acl-work-on-as-firewall/m-p/4026502#M22746 Marius Gunnerud 2020-02-09T21:28:11Z