Solved: ASA 5520 ASDM 6.4: Access Rules vs. ACL/ACE

dan · ‎11-03-2011

Hi,

I am new to Cisco firewalls. We are moving from a different vendor to ASA 5520s. So far my "training" for Cisco consists of s Cisco press book, some white papers and guides, this website, and a bunch of mistakes. So, I have what is probably a pretty basic question for most folks.

Can some one help me understand the difference between Firewall Access Rules and ACL/ACE? And when to use which?

for example: on my ASA 5520s I've set up an Interface for my internal LAN: 172.16.x.x., a DMZ 192.168.2.0/24, and an interface for the Internet side. The 5520 is set up as a routing firewall betwen my internal lan, DMZ, and Internet.

If I want to allow my internal users Internet access for http and https would I use a Firewall Access rule?

For most of my rules allowing outbound access from my 172 LAN and DMZ and inbound access to devices in my DMZ can I mostly utilize the Firewall Access Rules?

Under what circumstance would I use ACL/ACE?

Any help greatly appreciated.

Dan

Maykol Rojas · ‎11-03-2011

Hello Dan,

Imagine what it was to try to study for the CCSP track with the same info! It was a bit hard. Now, ACE/ACL part is the one you use to "match" traffic, for example a QoS policy for specific users, VPN interesting traffic and so on, the Firewall rules are the actual ACLs that allow or deny traffic.

Let me know if you need more clarification.

Mike

View solution in original post

Maykol Rojas · ‎11-03-2011

Hello Dan,

Imagine what it was to try to study for the CCSP track with the same info! It was a bit hard. Now, ACE/ACL part is the one you use to "match" traffic, for example a QoS policy for specific users, VPN interesting traffic and so on, the Firewall rules are the actual ACLs that allow or deny traffic.

Let me know if you need more clarification.

Mike