
Allowing any traffic to the outside interface.

David Shearing
Level 1

Hi,

I was hoping someone could help me with a rule on an ASA 5510.

access-list inside_access_in extended permit ip any interface Outside


The idea is to simply deny access to any other network, but allow access to the Outside Interface for Internet connectivity. Having given it a try, it doesn't appear to have worked. But if I switch the rule for an any - any rule, it's fine?

Am I going about this completely the wrong way?

Thanks for the help.

David

1 Reply

David,

The ACLs on the ASA apply for pass-thru traffic (not to-the-box traffic).

This means when applying an ACL, the ASA will check it against traffic passing through it.

It will not check the ACL for traffic intended for the ASA itself.

If you include a control-plane keyword on the access-group, then the ASA will check it against itself.

Federico.
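
An added example, not part of the original thread and not either poster's configuration: one way to express "block the other networks, allow Internet" on the ASA, shown next to the rule from the question. The interface name `inside`, the object-group name `OTHER_NETS`, and all addresses are assumptions made up for illustration.

```cisco
! Added example. Assumed: nameif "inside", object-group OTHER_NETS;
! every subnet and host address below is a constructed placeholder.

! The rule as posted. As a destination, "interface Outside" matches only
! the Outside interface's own IP address. Internet-bound packets carry the
! remote host's address as destination, so they never match this entry and
! are dropped by the implicit deny at the end of the ACL.
no access-list inside_access_in extended permit ip any interface Outside

! Alternative: list the networks that must stay unreachable, deny them
! first, then permit the rest. Entries are evaluated top-down and the
! first match wins, so the deny has to come before the permit.
object-group network OTHER_NETS
 network-object 192.168.20.0 255.255.255.0
 network-object 10.10.0.0 255.255.0.0
access-list inside_access_in extended deny ip any object-group OTHER_NETS
access-list inside_access_in extended permit ip any any

! Bind the ACL inbound on the inside interface. Without the control-plane
! keyword it is checked only against traffic passing through the ASA.
access-group inside_access_in in interface inside

! Checks: per-entry hit counts, then simulated flows through the policy.
show access-list inside_access_in
! Expect ALLOW (Internet destination, constructed address):
packet-tracer input inside tcp 192.168.1.10 12345 203.0.113.10 443
! Expect DROP on the deny entry (destination inside OTHER_NETS):
packet-tracer input inside tcp 192.168.1.10 12345 192.168.20.5 443
```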
