https://community.cisco.com/t5/network-security/asa-implicit-deny-rule/m-p/2469740#M268248 <P>Hi,</P><P>I have a 5550 working in routed mode with 8.0(4) version. My configuration have one physical interface&nbsp;in tunnel mode with 4 subinterface,&nbsp;3 of them are inside and the forth one is dmz interface.&nbsp;Another phisical interface is configured as Outside interface.</P><P>On the inside interfaces there are applied ACLs inbound to allow only permitted traffic and at the end of all ACL there are the implicit deny rule. As I excpected all and just all permitted traffic by acl are allowed to pass through inside interfaces to less secure interface as Outside, while all other traffic denied by implicit deny rule. Instead I am experiencing a strange behavior on the inside interfaces that i can't undestand, It seems as implicit deny rule not working and all traffic is permitted. To block traffic I needed to apply manually a deny any any rule to all inside interface's ACL.</P><P>Can pleas anyone help me to undestand this behaviour? Is it due a wrong configuration or just a bug?</P><P>Any suggestion&nbsp;will be&nbsp;very appreciated.</P><P>&nbsp;</P><P>Thanks</P><P>angelo</P> Tue, 12 Mar 2019 03:57:33 GMT ANGELO DE MASI 2019-03-12T03:57:33Z https://community.cisco.com/t5/network-security/asa-implicit-deny-rule/m-p/2469740#M268248 <P>Hi,</P><P>I have a 5550 working in routed mode with 8.0(4) version. My configuration have one physical interface&nbsp;in tunnel mode with 4 subinterface,&nbsp;3 of them are inside and the forth one is dmz interface.&nbsp;Another phisical interface is configured as Outside interface.</P><P>On the inside interfaces there are applied ACLs inbound to allow only permitted traffic and at the end of all ACL there are the implicit deny rule. As I excpected all and just all permitted traffic by acl are allowed to pass through inside interfaces to less secure interface as Outside, while all other traffic denied by implicit deny rule. Instead I am experiencing a strange behavior on the inside interfaces that i can't undestand, It seems as implicit deny rule not working and all traffic is permitted. To block traffic I needed to apply manually a deny any any rule to all inside interface's ACL.</P><P>Can pleas anyone help me to undestand this behaviour? Is it due a wrong configuration or just a bug?</P><P>Any suggestion&nbsp;will be&nbsp;very appreciated.</P><P>&nbsp;</P><P>Thanks</P><P>angelo</P> Tue, 12 Mar 2019 03:57:33 GMT https://community.cisco.com/t5/network-security/asa-implicit-deny-rule/m-p/2469740#M268248 ANGELO DE MASI 2019-03-12T03:57:33Z https://community.cisco.com/t5/network-security/asa-implicit-deny-rule/m-p/2469741#M268250 <P>Please post yoour config. All in all it should work as expected.</P> Tue, 18 Mar 2014 16:38:39 GMT https://community.cisco.com/t5/network-security/asa-implicit-deny-rule/m-p/2469741#M268250 Karsten Iwen 2014-03-18T16:38:39Z https://community.cisco.com/t5/network-security/asa-implicit-deny-rule/m-p/2469742#M268251 <P>Hi Karsten,</P><P>thank you for your reply.</P><P>Issue is due the Cisco Bug ID CSCsq91277 . I solved to upgrade release on ASA.</P><P>Thank you anyway</P><P>Regards</P><P>angelo</P> Wed, 19 Mar 2014 15:24:59 GMT https://community.cisco.com/t5/network-security/asa-implicit-deny-rule/m-p/2469742#M268251 ANGELO DE MASI 2014-03-19T15:24:59Z