Access rule is not working.

AlfredoA
Level 1

So, I have the ASA 5505 Firewall. I generated an ACL to block three IPs. Those IPs are from outside and are generating traffic with an internal server.

reglas.JPG

After some hours I still get traffic from those IPs, as you can see in the next image:

pie.JPG


The IP 181.174.99.146 should be blocked, but it is not. I will appreciate any explanation so I can understand why this is happening.


Sorry about my English.


1 Accepted Solution

balaji.bandi
Hall of Fame

I believe if the traffic is initiated from inside it will still work, but if the source is coming from outside it should be blocked.


It depends on how you configured it; since it's an object, we cannot see what is inside that group.


Better watch on Monitoring to see whether that is allowed from outside to inside or inside to outside.


 * After configuring the rule, have you saved and published the config?


BB


5 Replies


Actually I think I get it now. It was working coming from outside. The problem is the traffic initiated from inside. I'll add an ACL outside (outgoing rules) to make it work.

Thanks.

Yes, good catch. Let me know how it goes.


BB


I've created new rules:  


nuevas reglas.JPG


Do you think I need a rule "permit any - any" on the outside interface, as I did on the inside interface?

Inside to outside is OK, but not outside (un-trusted traffic coming in is always bad, until there is a requirement for a specific rule).


To make it granular and follow best practice, always permit what is required, and let the rest fall through to the deny in the last rule, on both inside and outside.


BB
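As an added example (not configuration from the thread), this is how the two access lists described in the accepted answer and in the last reply would look on the ASA CLI: an inbound list on outside that blocks new connections from the external hosts, plus a list on inside that blocks connections the internal server itself initiates, with an implicit deny on outside instead of a "permit any any". Only 181.174.99.146 comes from the post; the object names, the interface names "inside"/"outside" (ASA 5505 defaults), the server address 192.0.2.10 and the port are assumptions.

```cisco
! Added example, not from the thread. 181.174.99.146 is the host shown in the
! post; all other addresses and names are placeholders.
object-group network BLOCKED_EXTERNAL_HOSTS
 network-object host 181.174.99.146
 ! add the other two blocked hosts here
object network INTERNAL_SERVER
 host 192.0.2.10
!
! Outside interface: stop the blocked hosts from opening new connections inward.
! This alone does NOT stop flows the internal server starts: the ASA is stateful,
! so return packets of an inside-initiated connection are matched against the
! connection table, not against this list.
access-list OUTSIDE_IN extended deny ip object-group BLOCKED_EXTERNAL_HOSTS any
access-list OUTSIDE_IN extended permit tcp any object INTERNAL_SERVER eq 443
! no "permit ip any any": everything else hits the implicit deny at the end
access-group OUTSIDE_IN in interface outside
!
! Inside interface: block connections the internal server itself initiates
! toward the blocked hosts, then permit the remaining outbound traffic.
access-list INSIDE_IN extended deny ip any object-group BLOCKED_EXTERNAL_HOSTS
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
!
! Verification: hit counts show which line is matching, and packet-tracer
! walks a simulated inside-initiated packet through the ACL and inspection path.
show access-list INSIDE_IN
packet-tracer input inside tcp 192.0.2.10 49152 181.174.99.146 443
```

If the hit count on the OUTSIDE_IN deny line stays at zero while traffic keeps flowing, the flows are inside-initiated and only the INSIDE_IN deny will stop them.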
