https://community.cisco.com/t5/network-security/asa-5520-can-t-block-incomming-traffic/m-p/2099660#M394125 <HTML><HEAD></HEAD><BODY><P>Do you try to limit access to the ASA inside interface itself just from a specific IP Address?</P><P>How are you trying to access the inside interface? SSH? HTTP? Ping?</P><P></P><P>Access-list applied to the inside interface is configured for traffic going through the firewall, eg: from inside network to internet, not for traffic towards the ASA interface.</P><P></P><P>If you are trying to limit access to the ASA interface itself, then you should be using the ssh, http, or icmp command to only allow access to specific IP.</P></BODY></HTML> Fri, 14 Dec 2012 04:48:50 GMT Jennifer Halim 2012-12-14T04:48:50Z https://community.cisco.com/t5/network-security/asa-5520-can-t-block-incomming-traffic/m-p/2099659#M394124 <P>I was configure 3 interface on ASA</P><P>1st - managemetn (only for management)</P><P>2nd - gig0/0 is connected to internet with real IP</P><P>3rd - gig0/1 is connected to local network</P><P></P><P>I was configure routed NAT to internet.</P><P>But I have problem with restriction incomming traffic to inside interface (ifname is inside)</P><P>I was create access lists </P><P>&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>access-list INSIDE_IN extended permit ip object-group ADMIN any</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp;&nbsp; access-list INSIDE_IN extended deny ip any any</STRONG></P><P>And link access list to inside interface by rule</P><P>&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>access-group INSIDE_IN in interface inside</STRONG></P><P> but I can connect to ip address of inside interface from other ip. It is wrong and i can't understand where is my mistake.</P><P></P><P><STRONG>Please help me anybody.</STRONG></P> Tue, 12 Mar 2019 00:37:08 GMT https://community.cisco.com/t5/network-security/asa-5520-can-t-block-incomming-traffic/m-p/2099659#M394124 Nikolay Savin 2019-03-12T00:37:08Z https://community.cisco.com/t5/network-security/asa-5520-can-t-block-incomming-traffic/m-p/2099660#M394125 <HTML><HEAD></HEAD><BODY><P>Do you try to limit access to the ASA inside interface itself just from a specific IP Address?</P><P>How are you trying to access the inside interface? SSH? HTTP? Ping?</P><P></P><P>Access-list applied to the inside interface is configured for traffic going through the firewall, eg: from inside network to internet, not for traffic towards the ASA interface.</P><P></P><P>If you are trying to limit access to the ASA interface itself, then you should be using the ssh, http, or icmp command to only allow access to specific IP.</P></BODY></HTML> Fri, 14 Dec 2012 04:48:50 GMT https://community.cisco.com/t5/network-security/asa-5520-can-t-block-incomming-traffic/m-p/2099660#M394125 Jennifer Halim 2012-12-14T04:48:50Z https://community.cisco.com/t5/network-security/asa-5520-can-t-block-incomming-traffic/m-p/2099661#M394126 <HTML><HEAD></HEAD><BODY><P>Now all is clear.</P><P>I has been doubt in the question how access-lists is working with traffic going towards the ASA interface.</P><P>Thank You for responce</P></BODY></HTML> Fri, 14 Dec 2012 05:26:13 GMT https://community.cisco.com/t5/network-security/asa-5520-can-t-block-incomming-traffic/m-p/2099661#M394126 Nikolay Savin 2012-12-14T05:26:13Z