https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889920#M437434 <HTML><HEAD></HEAD><BODY><P>Thanks, I will try to get that output of that command.</P></BODY></HTML> Wed, 09 May 2012 15:34:57 GMT paulbatte 2012-05-09T15:34:57Z https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889916#M437428 <P>I have been told that if an access list is created with the suffix _access_in, that if the preifx is the name of an interface, then that access list is automatically bound to that interface, even if there is no explicit command doing that.</P><P>I looking at the config of an ASA 5550.</P><P></P><P>example:</P><P></P><P>Interface is Production</P><P>access list is called Production_access_in.</P><P></P><P>Is that access list automatically bound to the Production interface, even though it does not show up in any other commands?</P> Mon, 11 Mar 2019 23:04:05 GMT https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889916#M437428 paulbatte 2019-03-11T23:04:05Z https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889917#M437429 <HTML><HEAD></HEAD><BODY><P>Hi Paul,</P><P></P><P>That's not true, you would need to apply the access-list on the interface as well, here is the command for it:</P><P></P><P>access-group Production_access_in in interface Production</P><P></P><P>Only then would the access-list be applied.</P><P></P><P>Here's the guide:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/partner/docs/security/asa/asa82/command/reference/a1.html#wp1558738" rel="nofollow">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a1.html#wp1558738</A></P><P></P><P>May be they configured using ASDM. But still it needs to be specified.</P><P></P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Wed, 09 May 2012 13:40:32 GMT https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889917#M437429 varrao 2012-05-09T13:40:32Z https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889918#M437430 <HTML><HEAD></HEAD><BODY><P>Yes Varun, some of the config was done using ADSM, some not.</P><P></P><P>I am trying to untangle a config that is a number of years old.</P><P>It was worked on by multiple people, some who used ADSM, some who used CLI.</P><P></P><P>My question is at the bottom of the verbage below, but ultimately, if the access list is not included in the access group command, nor is it referenced within one of the nat rules, is that access list used AT ALL within the firreall?</P><P></P><P>An example: is the access list Primary_Public_access_in used at all? </P><P>From what you are saying, it is not.</P><P></P><P>Here is a list of access lists and interfaces I am dealing with, plus the access groups.</P><P></P><P>Interfaces:</P><P></P><P>nameif Primary_Public</P><P>nameif LANx</P><P>nameif Production</P><P>nameif Management </P><P>nameif Corp</P><P></P><P>access list names:</P><P></P><P>Primary_Public_access_in</P><P>Primary_Public_access_in_tmp</P><P>no-nat</P><P>Production_nat0_inbound</P><P>Corp_nat0_outbound</P><P>Corp_nat1_outbound</P><P>LANx_nat0_outbound</P><P>FW_LANx_in</P><P>ARIN_Primary_Public_access_in</P><P></P><P>global (Primary_Public) 1 interface</P><P>global (Primary_Public) 2 xxx.132.123.17 netmask 255.255.255.255</P><P>global (LANx) 102 interface</P><P>nat (LANx) 0 access-list LANx_nat0_outbound</P><P>nat (LANx) 2 192.168.3.0 255.255.255.0</P><P>nat (LANx) 102 0.0.0.0 0.0.0.0</P><P>nat (Production) 0 access-list no-nat</P><P>nat (Production) 0 access-list Production_nat0_inbound outside</P><P>nat (Production) 1 172.20.0.0 255.255.0.0</P><P>nat (Corp) 0 access-list Corp_nat0_outbound</P><P>nat (Corp) 1 access-list Corp_nat1_outbound</P><P>nat (management) 0 access-list Mgmt_nat0_outbound</P><P>nat (management) 1 access-list Mgmt_nat1_outbound</P><P></P><P>access-group Primary_Public_access_in_tmp in interface Primary_Public</P><P>access-group FW_LANx_in in interface LANx</P></BODY></HTML> Wed, 09 May 2012 14:21:55 GMT https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889918#M437430 paulbatte 2012-05-09T14:21:55Z https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889919#M437431 <HTML><HEAD></HEAD><BODY><P>You can try this to find all instances of the access-list in your config:</P><P></P><P>show run | include Primary_Public_access_in</P><P></P><P>This would tell you where all&nbsp; the access-list has been used.</P><P></P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Wed, 09 May 2012 14:36:13 GMT https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889919#M437431 varrao 2012-05-09T14:36:13Z https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889920#M437434 <HTML><HEAD></HEAD><BODY><P>Thanks, I will try to get that output of that command.</P></BODY></HTML> Wed, 09 May 2012 15:34:57 GMT https://community.cisco.com/t5/network-security/automatic-naming-binding-of-access-lists-with-asa/m-p/1889920#M437434 paulbatte 2012-05-09T15:34:57Z