
acl allowing guest access

bschussl
Level 1

I have an ASA 5550 at our main site with an external ethernet interface to our ISP for internet access. I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x, 10.100.1 - 40.x, and others. I'm having trouble identifying what IP address to use as the destination for the permit rule for access to the internet. The rule that comes after the permit is to deny 10.100.41.x/24 access to internal network addresses. I'd sure appreciate any guidance someone could give me.

Bob in Indiana

1 Reply

Marvin Rhoads
Hall of Fame

Put in the ACL to deny from 10.100.41.0/24 to all RFC 1918 networks (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). From higher security inside (where it resides) to lower security outside (Internet) there is an implicit allow which will normally use the global or other NAT (or PAT) pool you have set up.
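
The rule order described in this thread, written out as an ASA configuration sketch. This is an added example, not configuration posted by either participant: the names `RFC1918` and `INSIDE_IN` are hypothetical, and `inside` is assumed to be the interface the guest network arrives on, as the reply states. It uses `any` as the destination of the web permit, which is safe only because the RFC 1918 deny is evaluated first. Once an ACL is bound to an interface, traffic it does not match is dropped by the implicit deny at the end of that ACL, so the permits are written explicitly.

```cisco
! Added example. RFC1918 and INSIDE_IN are hypothetical names.
! "inside" is the interface name taken from the reply above.
object-group network RFC1918
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! 1. Guest network may not reach any private (internal) range.
!    This line must come before the permits (first match wins).
access-list INSIDE_IN extended deny ip 10.100.41.0 255.255.255.0 object-group RFC1918
!
! 2. Guest network may reach any remaining (Internet) destination
!    on tcp/80 and tcp/443 only.
access-list INSIDE_IN extended permit tcp 10.100.41.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 10.100.41.0 255.255.255.0 any eq https
!
! 3. Anything else sourced from the guest network is dropped and logged.
access-list INSIDE_IN extended deny ip 10.100.41.0 255.255.255.0 any log
!
! 4. Other networks behind the same interface keep their previous
!    behaviour. Without this line the implicit deny at the end of
!    the ACL would block them as well.
access-list INSIDE_IN extended permit ip any any
!
! Only one ACL can be bound per interface and direction. If "inside"
! already has an access-group, merge lines 1-3 into that ACL instead.
access-group INSIDE_IN in interface inside
```

After applying it, `show access-list INSIDE_IN` shows per-line hit counts, which confirms whether guest traffic is matching the deny and permit entries in the intended order.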
