10-16-2018 08:47 AM
I've inherited a setup that I've never dealt with before.
I have an L3 switch 4500X connected to an ASA, nothing fancy. Several L3 VLANs on the 4500 with routing enabled that all connect to the ASA over a transit subnet, which works. Until recently the customer thought that the VLANs were secured between one another; they thought they were going through the ASA, like the ASA was a router. That's not the case, though: all VLANs are free to route between one another and the only security is between the and the lower security interfaces on the ASA. I need to set up ACLs between the VLANs as they all need to communicate in some fashion between offices, i.e. shared servers, printers, etc.
Reading the Cisco docs on ACLs is rough. Anyone have any recommendations on some tutorials for ACLs being used in this manner?
10-19-2018 07:10 AM
As you have probably discovered, there are many articles and documents that discuss using Cisco Access Control Lists to implement security restrictions, and certainly there should be some that do not make your head explode. I suggest that your first step should be to clarify the requirements. You can look at it in terms of what should communicate between VLANs. You can also look at it in terms of what should not communicate between VLANs. Ultimately you need to reconcile both views and that will guide you in what the ACLs need to do.
One thing that you might consider: if there are some devices, like printers or servers, that should be accessible from multiple VLANs, put those devices into a separate VLAN that is allowed to every other VLAN and then put restrictions between the other VLANs.
HTH
Rick
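The shared-VLAN layout suggested in the reply above, sketched as IOS configuration for the L3 switch. This is an added example, not part of the thread; the VLAN numbers, subnets and ACL names are constructed and assume the shared devices have already been moved into their own VLAN.

```cisco
! Constructed addressing (assumption, not from the thread):
!   VLAN 10  office A users           10.1.10.0/24
!   VLAN 20  office B users           10.1.20.0/24
!   VLAN 99  shared servers/printers  10.1.99.0/24
!
! Inbound ACL on each user SVI: filters traffic as it enters the
! switch from that VLAN, before it is routed anywhere else.
ip access-list extended VLAN10-IN
 remark office A may reach the shared-services VLAN
 permit ip 10.1.10.0 0.0.0.255 10.1.99.0 0.0.0.255
 remark office A may not reach office B directly
 deny   ip 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255
 remark gateway, DHCP relay and traffic toward the ASA stay unchanged
 permit ip any any
!
ip access-list extended VLAN20-IN
 remark office B may reach the shared-services VLAN
 permit ip 10.1.20.0 0.0.0.255 10.1.99.0 0.0.0.255
 remark office B may not reach office A directly
 deny   ip 10.1.20.0 0.0.0.255 10.1.10.0 0.0.0.255
 remark gateway, DHCP relay and traffic toward the ASA stay unchanged
 permit ip any any
!
interface Vlan10
 ip access-group VLAN10-IN in
!
interface Vlan20
 ip access-group VLAN20-IN in
!
! Vlan99 carries no ACL here, so replies from servers and printers
! return to either office. Switch ACLs are stateless: each direction
! is checked only by the inbound ACL of the VLAN the packet comes from.
!
! The closing "permit ip any any" is required; without it the implicit
! deny at the end of every ACL would also drop traffic bound for the ASA.
!
! Check placement and hit counters after applying:
!   show ip interface Vlan10
!   show ip access-lists VLAN10-IN
```

Each additional user VLAN needs its own deny line in every other user VLAN's ACL, which is why writing out the allowed and forbidden pairs first keeps the lists consistent.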
11-04-2018 09:39 AM
Not bad for the ACL basics:
https://www.routerfreak.com/understanding-access-control-lists-acl/
https://www.auvik.com/media/blog/acls-cisco-asa-firewalls/
regards
azam