03-16-2013 05:40 PM - edited 03-11-2019 06:15 PM
Hello,
I have an ASA 5505 with the Security Plus license. I have 7 VLANs; 2 are guest VLANs for wireless and wired connections. I am allowing traffic from the guest VLANs to any with the HTTP & HTTPS protocols. I have ACLs in place before the allow-all rule that do not allow traffic from the guest VLANs to the other VLANs. Is there any way to have all traffic from the guest VLANs always go to the outside interface for the HTTP & HTTPS traffic instead of trying to go to the other VLANs first? I know I have the ACLs in place to prevent the traffic, but I would feel better if I had this in place as well.
Vinny
03-16-2013 10:05 PM
Hello Vinny,
Just play with the ACL and deny the HTTP and HTTPS traffic from that subnet (Guest) to any other VLAN subnet and finally permit all HTTP and HTTPS access on the same ACL.
That should take care of that.
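The ACL ordering described in this reply, written out as an added example that is not part of the original thread. The interface name `guest`, the ACL and object-group names, and every subnet and address are constructed assumptions; the two `packet-tracer` commands at the end check that the first-match order does what is intended.

```cisco
! Constructed example: names, subnets and addresses are assumptions.
! Guest VLAN: 192.168.50.0/24 on the interface named "guest".

! Every non-guest VLAN subnet that guests must never reach
object-group network INTERNAL_NETS
 network-object 192.168.10.0 255.255.255.0
 network-object 192.168.20.0 255.255.255.0

! The only services guests are allowed to use
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https

! ACL entries are evaluated top-down and the first match wins, so the
! deny toward the internal subnets must sit above the broad permit.
access-list GUEST_IN extended deny tcp 192.168.50.0 255.255.255.0 object-group INTERNAL_NETS object-group WEB_PORTS log
access-list GUEST_IN extended permit tcp 192.168.50.0 255.255.255.0 any object-group WEB_PORTS
! Anything else from the guest VLAN falls through to the implicit deny.

access-group GUEST_IN in interface guest

! Check 1: guest host to an internal host on port 80, expected result DROP
packet-tracer input guest tcp 192.168.50.10 12345 192.168.10.5 80

! Check 2: guest host to an outside address on port 443, expected result ALLOW
! (also requires working NAT and routing toward the outside interface)
packet-tracer input guest tcp 192.168.50.10 12345 203.0.113.10 443

! Hit counters show which entry traffic is actually matching
show access-list GUEST_IN
```

A second guest VLAN gets the same pair of entries with its own source subnet, either in this ACL or in one bound to its own interface.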
03-16-2013 10:31 PM
That's exactly what I did. I thought maybe there was a better method, maybe "all traffic on x VLAN using HTTP/S go directly to the outside interface".
03-16-2013 10:38 PM
Hello,
The ASA does not support PBR, so you cannot go with that one. The only option left would be the one you already did, so good job on that one, Vinny, as you did it properly.
Regards
03-16-2013 10:49 PM
Thank you, trying to be security conscious. I do not even have same-interface trust turned on. If I need to get to a resource on the same VLAN I add it to an outgoing ACL on that VLAN... little nuts, but you have to be.
Thanks again!
03-16-2013 11:30 PM
If it's on the same VLAN, traffic should not reach the ASA, but you got the point.
Regards,