12-13-2012 04:29 PM - edited 03-11-2019 05:37 PM
I have configured 3 interfaces on the ASA:
1st - management (only for management)
2nd - gig0/0 is connected to the internet with a real IP
3rd - gig0/1 is connected to the local network
I have configured routed NAT to the internet.
But I have a problem with restricting incoming traffic to the inside interface (ifname is inside).
I have created access lists
access-list INSIDE_IN extended permit ip object-group ADMIN any
access-list INSIDE_IN extended deny ip any any
And linked the access list to the inside interface with the rule
access-group INSIDE_IN in interface inside
but I can connect to the IP address of the inside interface from other IPs. It is wrong and I can't understand where my mistake is.
Please help me anybody.
12-13-2012 08:48 PM
Are you trying to limit access to the ASA inside interface itself to just a specific IP address?
How are you trying to access the inside interface? SSH? HTTP? Ping?
An access-list applied to the inside interface is configured for traffic going through the firewall, e.g. from the inside network to the internet, not for traffic towards the ASA interface.
If you are trying to limit access to the ASA interface itself, then you should be using the ssh, http, or icmp command to only allow access to a specific IP.
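As an added example (not part of the original thread), here is the distinction above written out as ASA configuration: the interface ACL keeps filtering through-traffic, while to-the-box management access is restricted with the ssh, http and icmp commands. The interface name and ACL names are the ones from the original post; the admin host 192.0.2.10 is an assumed address.

```text
! Constructed example, not from the thread. Admin host 192.0.2.10 is assumed.
!
! Interface ACL: filters only traffic passing THROUGH the ASA (inside -> other
! interfaces). It has no effect on connections to the inside interface's own IP.
access-list INSIDE_IN extended permit ip object-group ADMIN any
access-list INSIDE_IN extended deny ip any any
access-group INSIDE_IN in interface inside
!
! To-the-box access is controlled per service and per interface.
! SSH: with no "ssh" line for an interface, nobody can SSH to it; each line
! adds an allowed source, so only the admin host is listed.
ssh 192.0.2.10 255.255.255.255 inside
ssh version 2
!
! ASDM / HTTPS management: same model as SSH.
http server enable
http 192.0.2.10 255.255.255.255 inside
!
! ICMP to the interface IP: unlike ssh/http, the default is to answer everyone,
! so an explicit deny is needed after the permit.
icmp permit host 192.0.2.10 inside
icmp deny any inside
!
! Verify what is actually in effect:
! show running-config ssh
! show running-config http
! show running-config icmp
```

With this in place a non-admin inside host still passes through the ASA according to INSIDE_IN, but SSH, ASDM and ping to the inside interface IP are answered only from 192.0.2.10.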
12-13-2012 09:26 PM
Now all is clear.
I had doubts about how access-lists work with traffic going towards the ASA interface.
Thank you for the response.