10-17-2012 10:04 AM - edited 03-11-2019 05:10 PM
Background:
This is my 1st time working with the post-8.4 IOS on the ASA and I have a question regarding access lists. My ASA is running ver 8.6 and is configured with 3 interfaces: inside, data and outside. The inside network is for management/monitoring and should always be protected. The data network hosts servers and PCs. All traffic originating from this network destined to the internet should be allowed to pass through the data interface. Right now, I do not have any access-lists or access-groups created on the inside and data interfaces. All computers behind the data interface can access the internet on all protocols as expected.
Issue:
I have a monitoring server in the inside network that all systems in the data network need to communicate with on tcp port 10000. Once I add an access-list on the data interface, all traffic destined to the internet is blocked:
access-list acl_data permit tcp any host monitoring server eq 10000
How can I ensure that all internet traffic is permitted, while protecting my inside network and allowing servers to communicate with the management server?
10-17-2012 12:04 PM
Hello Phillipe, you will need the following:
access-list acl_data permit tcp any host monitoring server eq 10000
access-list acl_data deny ip any internal_subnet
access-list acl_data permit ip any any
Hope this helps,
Julio
Remember to rate all of the helpful posts
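The reason the poster's single-line ACL cut off internet access is that an ASA interface ACL is evaluated top to bottom, first match wins, and anything that matches no entry hits the implicit deny at the end of the list. The accepted answer works because the specific permit comes first, the protective deny for the inside network second, and the catch-all permit last. The following Python evaluator is an added illustration of that first-match behaviour, not code from the thread or from Cisco; it models only the simple `permit|deny PROTO SRC DST [eq PORT]` form used above (no object groups, port ranges or stateful inspection), and the addresses filled in for the thread's placeholders "monitoring server" and "internal_subnet" are constructed.

```python
import ipaddress

# Constructed sample addressing: the thread only gives the placeholders
# "monitoring server" and "internal_subnet", so these values are assumed.
MONITORING_SERVER = "10.0.0.10"
INSIDE_NET, INSIDE_MASK = "10.0.0.0", "255.255.255.0"

# The poster's original single-line ACL: the only entry, followed by the implicit deny.
ACL_ORIGINAL = [
    f"access-list acl_data permit tcp any host {MONITORING_SERVER} eq 10000",
]

# The accepted answer's three entries, in the order given.
ACL_ANSWER = [
    f"access-list acl_data permit tcp any host {MONITORING_SERVER} eq 10000",
    f"access-list acl_data deny ip any {INSIDE_NET} {INSIDE_MASK}",
    "access-list acl_data permit ip any any",
]


def _parse_addr(tokens, i):
    """Parse one ASA address spec starting at tokens[i]: 'any', 'host A', or 'A MASK'."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(f"{tokens[i + 1]}/32"), i + 2
    # Network plus dotted mask, e.g. "10.0.0.0 255.255.255.0"
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}"), i + 2


def parse_ace(line):
    """Turn 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' into a rule dict."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    action, proto = t[2], t[3]
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        port = int(t[i + 1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": port}


def evaluate(acl_lines, proto, src, dst, dport=None):
    """First-match evaluation with the ASA's implicit deny at the end of the list.

    Returns 'permit', 'deny' (an explicit entry matched) or 'deny (implicit)'.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl_lines):
        # 'ip' matches every protocol; otherwise the protocol must match exactly.
        if ace["proto"] not in ("ip", proto):
            continue
        if src_ip not in ace["src"] or dst_ip not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny (implicit)"


DATA_HOST = "192.168.1.20"     # constructed: a PC behind the data interface
OTHER_INSIDE = "10.0.0.50"     # constructed: another host on the inside network
INTERNET_HOST = "203.0.113.5"  # constructed: documentation-range internet address

if __name__ == "__main__":
    for name, acl in (("original", ACL_ORIGINAL), ("answer", ACL_ANSWER)):
        print(f"{name} ACL:")
        print("  data -> monitoring:10000   ", evaluate(acl, "tcp", DATA_HOST, MONITORING_SERVER, 10000))
        print("  data -> other inside:22    ", evaluate(acl, "tcp", DATA_HOST, OTHER_INSIDE, 22))
        print("  data -> internet:443       ", evaluate(acl, "tcp", DATA_HOST, INTERNET_HOST, 443))
```

Running it shows the original list permitting only the monitoring flow and dropping internet traffic on the implicit deny, while the answer's list permits monitoring and internet traffic and explicitly denies everything else aimed at the inside subnet. Swapping the last two entries of the answer would silently re-open the inside network, which is why the order matters as much as the entries themselves.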
10-17-2012 12:32 PM
Thanks, that worked perfectly.