02-20-2016 01:54 PM - edited 03-12-2019 12:22 AM
Dear All,
Is there any chance to disable the implicit rules, which apply the forwarding from a higher-security level to a lower-security interface, for an ASA 5505? I have more than one inside LAN and I don't want to add an explicit deny rule on every interface for traffic which flows to any other inside network. Because some hosts (and only those) should be able to communicate with the other inside LAN, it would make my life easier to only add the permit rules and a deny any any at the end.
Thank you very much
02-21-2016 12:57 PM
It is called an access-list. The access-list has an implicit deny any any at the end, so just apply the permit rules and everything else will be denied.
Keep in mind that once you add the ACLs to the interface/s, the security level for that interface is no longer active... that is, until the ACL is removed again.
--
Please remember to select a correct answer and rate helpful posts
02-22-2016 07:43 AM
Thank you for your kindness. Sorry, I configured an ACE with allow LAN to any for the LAN network in order to be able to reach the internet, and this rule (destination: any) permits access to other inside networks...
So the ASA works like a charm. I added a deny rule to all inside networks' access lists at line 1 that denies access to all other inside networks.
Thank you very much
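
The rule ordering discussed in this thread, as an added example that is not part of any post: a small first-match ACL evaluator showing why a "LAN to any" permit also reaches the other inside network, and how a deny placed above it changes the result. The subnets, host addresses and the host exception placed above the deny are constructed assumptions; this models the matching logic only and is not ASA configuration.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread): two inside LANs.
LAN1 = "192.168.1.0/24"
LAN2 = "192.168.2.0/24"
ANY = "0.0.0.0/0"


def evaluate(acl, src, dst):
    """First-match evaluation of an interface ACL; returns (action, line)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line, (action, src_net, dst_net) in enumerate(acl, start=1):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, line
    return "deny", None  # implicit deny any any at the end of the ACL


# ACL on the LAN1 interface as first described: the permit meant for
# internet access has destination "any", so it also matches LAN2.
ACL_BEFORE = [
    ("permit", LAN1, ANY),
]

# Reordered: host exception first (hypothetical hosts), then the deny
# towards the other inside network, then the internet permit.
ACL_AFTER = [
    ("permit", "192.168.1.10/32", "192.168.2.20/32"),
    ("deny", LAN1, LAN2),
    ("permit", LAN1, ANY),
]

# Constructed probe flows: (source, destination).
PROBES = [
    ("192.168.1.50", "192.168.2.20"),  # ordinary host to other inside LAN
    ("192.168.1.10", "192.168.2.20"),  # the one host pair that is allowed
    ("192.168.1.50", "8.8.8.8"),       # internet-bound traffic
]

if __name__ == "__main__":
    for name, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        for src, dst in PROBES:
            action, line = evaluate(acl, src, dst)
            print(f"{name:6} {src:>13} -> {dst:<13} {action:6} line={line}")
```

Any host permit has to sit above the inter-LAN deny, because the first matching line decides the outcome.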