https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055143#M915911 <HTML><HEAD></HEAD><BODY><P>Oke,</P><P></P><P>Is it possible to make an access-list only for permit our denied traffice what is incomming on specify interface. </P><P></P><P>I have an inside vlan what needs permitting smtp when its routing to the outside interface. </P><P></P><P>When the outside interface is down the cisco firewall does make an auto routing to the backup interface. </P><P></P><P>Know i want an access-list that deny traffic smtp from inside to the backup interface. </P><P></P><P>I think this is possible with outbound access-listing?</P></BODY></HTML> Sun, 27 Jul 2008 09:20:03 GMT supportvoiceit 2008-07-27T09:20:03Z https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055139#M915906 <P>Hi Experts,</P><P></P><P>I have an question about access-listing. </P><P></P><P>Information:</P><P>Firewall with three vlan`s.</P><P></P><P>1 INSIDE</P><P>2 OUTSIDE</P><P>3 BACKUP</P><P></P><P>Is it possible to only make an ACL from inside to backup segment? On this moment i have an server in inside with smtp any. But is want make an deny rule of this server from inside to backup vlan smtp. </P><P></P><P>is this possible? If somebody know the answer please can you send my the cmdlets. </P><P></P><P>Thanks a lot!</P><P></P><P>Bart.</P><P></P> Mon, 11 Mar 2019 13:20:42 GMT https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055139#M915906 supportvoiceit 2019-03-11T13:20:42Z https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055140#M915908 <HTML><HEAD></HEAD><BODY><P>Bart,</P><P></P><P>Yes it's possible - it is just basic source and destination access-list commands.</P><P></P><P>The below url is full of information that will help you:-</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html</A></P><P></P><P></P><P>HTH&gt;</P></BODY></HTML> Sat, 26 Jul 2008 20:56:43 GMT https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055140#M915908 andrew.prince 2008-07-26T20:56:43Z https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055141#M915909 <HTML><HEAD></HEAD><BODY><P>There are so lot of information on that website, that i cannot find the information what i need. </P><P></P><P>I want the following:</P><P></P><P>ACL from INSIDE server to OUTSIDE any permit SMTP (public-ip-address).</P><P></P><P>and when the outside is down (ISP-failover)</P><P></P><P>ACL from INSIDE to BACKUP deny smtp smarthost isp first one</P><P>ACL from INSIDE to BACKUP permit smtp any</P><P></P><P>Is this possible?</P><P>One this momment i can not select an network als exampel BACKUP en then deny specified ip.</P><P></P><P>I Hope somebody can helping my or have experience with this..</P></BODY></HTML> Sun, 27 Jul 2008 08:58:35 GMT https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055141#M915909 supportvoiceit 2008-07-27T08:58:35Z https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055142#M915910 <HTML><HEAD></HEAD><BODY><P>it sounds not hard</P><P>but i couldnt understand ur requirements</P><P>could u send a bit more clear details about ur requerments to let me help u </P><P></P><P>thank u </P></BODY></HTML> Sun, 27 Jul 2008 09:08:21 GMT https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055142#M915910 Marwan ALshawi 2008-07-27T09:08:21Z https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055143#M915911 <HTML><HEAD></HEAD><BODY><P>Oke,</P><P></P><P>Is it possible to make an access-list only for permit our denied traffice what is incomming on specify interface. </P><P></P><P>I have an inside vlan what needs permitting smtp when its routing to the outside interface. </P><P></P><P>When the outside interface is down the cisco firewall does make an auto routing to the backup interface. </P><P></P><P>Know i want an access-list that deny traffic smtp from inside to the backup interface. </P><P></P><P>I think this is possible with outbound access-listing?</P></BODY></HTML> Sun, 27 Jul 2008 09:20:03 GMT https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055143#M915911 supportvoiceit 2008-07-27T09:20:03Z https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055144#M915912 <HTML><HEAD></HEAD><BODY><P>sure u can</P><P>if ur traffic going to known/spesified subnet or network u can use outbound ACL in the IN direction on ur inside interface</P><P>but if u dont know i mean the destination in ur ACL is any</P><P>then mak a deny statment in an ACL that deny whatever traffic u want </P><P>and apply it in outbound direction on the backup interface</P><P>access-list 100 deny tcp host 1.1.1.1 any eq smtp</P><P>access-list 100 permit ip any any</P><P></P><P>access-group 100 OUT interface backup</P><P></P><P>good luck </P><P></P><P>please, Rate if helpful</P></BODY></HTML> Sun, 27 Jul 2008 09:31:04 GMT https://community.cisco.com/t5/network-security/access-list-firewall-asa5505/m-p/1055144#M915912 Marwan ALshawi 2008-07-27T09:31:04Z