Access-list doesn't work

Hello All,

I have a Cisco router connected to two ISPs, and behind that I have a Cisco ASA connected to the internal LAN, which accesses the internet.
I am trying to block an external public IP on the ASA; however, it does not work, as I see logs on the server from that IP.
Now my question is: do I need to block this IP on the router facing the ISP, as natting with the public IP is done there?
Also, on the Cisco ASA I have done natting again to hide the internal private IPs of my servers.

Hope I am clear.

Thanks

4 REPLIES
VIP Advisor

You should be able to block this on the ASA. Unless you are doing outside NAT or destination NAT, the public IP you are trying to block will not change.

--

Please remember to select a correct answer and rate helpful posts


Hello Marius,

I am doing NAT both on my ASA as well as on the internet-facing router.

Also, I see external IPs in the show xlate command and in the logs as well.

However, while trying to block one of the external IPs on the ASA, it didn't work, although I am able to see the logs of that IP on the server which is behind the ASA.

Kindly suggest.

Thanks


Please note I am using static NAT both on the ASA and on the router.

This, I guess, will do bidirectional natting for both outgoing and incoming traffic.

Let me know, if this is the case, then why I see external IPs in the firewall logs.

Thanks


Could you post the NAT configuration as well as the ACL configuration for this traffic?

Also if you could post a network diagram with the traffic flow that would be helpful.
