ACL on ASASM

zhiqiang.yan
Level 1

Hi,

I am reading the ASASM configuration guide.

About ACLs, there is "Implicit Permits" that allows traffic from a higher security interface to a lower one. But on the other hand, "To allow any traffic to enter the ASASM, you must attach an inbound access rule to an interface; otherwise, the ASASM automatically drops all traffic that enters that interface."

This sounds confusing. For example, if a context has only "inside" and "outside" interfaces, and I need to permit all from "inside" and a filter for traffic from "outside", then do I still need a "permit any" rule attached to the "inside" interface?

Thanks,

Accepted Solutions

varrao
Level 10

Hi,

Yes, you are correct, the concept is different on ASA and ASASM.

On ASA, you don't need any ACL if the traffic is going from inside to outside (higher to lower), because there is an implicit allow ACL.

On ASASM, you would definitely need an ACL; if you are going from lower to higher security or from higher to lower security, an ACL is very much needed.

Do let me know if you have any queries.

Thanks,

Varun

Thanks,
Varun Rao
