963 Views | 0 Helpful | 2 Replies

I need a guide to ACLs that won't make my head explode.

lonelyadmin
Level 1

I've inherited a setup that I've never dealt with before.

I have a L3 switch 4500X connected to an ASA, nothing fancy. Several L3 VLANs on the 4500 with routing enabled that all connect to the ASA over a transit subnet, which works. Until recently the customer thought that the VLANs were secured between one another; they thought they were going through the ASA, like the ASA was a router. That's not the case though: all VLANs are free to route between one another and the only security is between the and the lower security interfaces on the ASA. I need to set up ACLs between the VLANs as they all need to communicate in some fashion between offices, i.e. shared servers, printers, etc.

Reading the Cisco docs on ACLs is rough. Anyone have any recommendations on some tutorials for ACLs being used in this manner?

2 Replies

Richard Burts
Hall of Fame

As you have probably discovered, there are many articles and documents that discuss using Cisco Access Control Lists to implement security restrictions, and certainly there should be some that do not make your head explode. I suggest that your first step should be to clarify the requirements. You can look at it in terms of what should communicate between VLANs. You can also look at it in terms of what should not communicate between VLANs. Ultimately you need to reconcile both views, and that will guide you in what the ACLs need to do.

One thing that you might consider, if there are some devices like printers or servers that should be accessible from multiple VLANs, is to put those devices into a separate VLAN that is allowed to every other VLAN and then put restrictions between the other VLANs.

HTH

Rick

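The "shared-services VLAN" design from the reply above, written out as an added IOS configuration example; this is not from the thread or from Cisco documentation. The VLAN numbers, subnets and ACL names are made up for illustration: VLAN 10 and 20 are two office VLANs, VLAN 100 holds the shared servers and printers, and the default route toward the ASA carries everything else.

```cisco
! Added example, not from the thread. Addressing is constructed:
!   VLAN 10  office A        10.1.10.0/24
!   VLAN 20  office B        10.1.20.0/24
!   VLAN 100 shared services 10.1.100.0/24  (servers, printers)
!   10.1.0.0/16 summarises every internal VLAN on the 4500X
!
! Policy: office VLANs may reach shared services and the ASA
! (Internet), but not each other. Shared services may reach everything.
!
ip access-list extended OFFICE-A-IN
 remark --- keep DHCP relay working (client source is 0.0.0.0)
 permit udp any eq bootpc any eq bootps
 remark --- hosts may still ping/ARP-test their own gateway
 permit icmp 10.1.10.0 0.0.0.255 host 10.1.10.1
 remark --- allow office A to the shared-services VLAN
 permit ip 10.1.10.0 0.0.0.255 10.1.100.0 0.0.0.255
 remark --- block office A from every other internal VLAN
 deny   ip 10.1.10.0 0.0.0.255 10.1.0.0 0.0.255.255
 remark --- anything else follows the default route to the ASA
 permit ip 10.1.10.0 0.0.0.255 any
!
ip access-list extended OFFICE-B-IN
 permit udp any eq bootpc any eq bootps
 permit icmp 10.1.20.0 0.0.0.255 host 10.1.20.1
 permit ip 10.1.20.0 0.0.0.255 10.1.100.0 0.0.0.255
 deny   ip 10.1.20.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 10.1.20.0 0.0.0.255 any
!
interface Vlan10
 description Office A
 ip address 10.1.10.1 255.255.255.0
 ip access-group OFFICE-A-IN in
!
interface Vlan20
 description Office B
 ip address 10.1.20.1 255.255.255.0
 ip access-group OFFICE-B-IN in
!
interface Vlan100
 description Shared services - deliberately no ACL, reachable from all offices
 ip address 10.1.100.1 255.255.255.0
!
! Verify which line a flow hits: the hit counters should move on the
! permit to 10.1.100.0 when an office host prints, and on the deny
! when it tries the other office.
! show ip access-lists OFFICE-A-IN
! show ip interface Vlan10 | include access list
```

Three things to keep in mind when applying this pattern. The ACL is applied inbound on the SVI, so it filters what hosts in that VLAN send toward other subnets and toward the SVI itself (hence the explicit DHCP and ICMP-to-gateway lines; the implicit deny at the end of every IOS ACL would otherwise drop them). IOS ACLs are stateless, so the shared-services SVI is left without an ACL on purpose; if one is added later, it must permit replies back to the office subnets or the printer traffic breaks in one direction. And an SVI ACL never sees traffic between two hosts in the same VLAN, which stays at layer 2; separating hosts within a VLAN needs a VLAN access map or private VLANs, which is a different feature.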