topic Re: Access rule is not working. in Network Security

Access rule is not working.

AlfredoA — Fri, 21 Feb 2020 15:54:15 GMT

So, I have the ASA 5505 Firewall. I generate an ACL to block three IP. Those IP are from outside and are generating fraffic with an internal server.

After aome hours I still get traffic from those IPs as you can see in the nex image:

The IP 181.174.99.146 should be blocked, but it is not. I will apreciate any explanation so I can understand why is this happening.

Sorry about my english.

Re: Access rule is not working.

balaji.bandi — Wed, 20 Jun 2018 20:14:31 GMT

I believe if the the traffic initiated from inside it still work, but the source coming from outside it should block.

depends on how you configured, since its object we can not see what is inside that group

better watch on Monitoring see is that allowed from outside to inside or inside to outside.

* After configure rule have you saved and published the config.

Re: Access rule is not working.

AlfredoA — Wed, 20 Jun 2018 20:37:00 GMT

Actually I think I get it now. It was working coming from outside. The problem is the traffic initiated from inside. I'll add an ACL outside (outgoing rules) to make it work.

Thanks.

Re: Access rule is not working.

balaji.bandi — Wed, 20 Jun 2018 20:53:38 GMT

Yes good catch. let me know how to goes.

Re: Access rule is not working.

AlfredoA — Wed, 20 Jun 2018 20:57:51 GMT

I've created new rules:

Do yo think I need a rule: permit: any - any in the outside interface? as I did in the inside interface?

Re: Access rule is not working.

balaji.bandi — Wed, 20 Jun 2018 21:30:14 GMT

Inside to outside is ok, but outside (un-trusted traffic coming in always bad - until there is a requirement for specific rule).

To make Granular and best practice always permit what required, and rest let it go to deny deny in the last rule

on both Inside and outside.