11-04-2012 11:15 PM - edited 03-11-2019 05:18 PM
Does ASA 8.3 support MAC address filtering, I want to allow a single specific laptop to login to the ASA 8.3 firewall (for management) from anywhere on the internet, I know I can do it through VPN but I want a simple MAC address access list or something......
11-05-2012 01:38 AM
That can't be done. The mac-access-lists are for the transparent firewall. And the ASA doesn't see the MAC of the client that connects through the internet.
You can restrict access by IP-address and of course you should deploy a strong authentication as well.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-05-2012 01:53 AM
well, can I install a second ASA into a transparent mode firewall instead of wasting L2 switch to do the task?
11-05-2012 02:10 AM
After reading your post again I see that my answer was not correct. I was thinking you were talking about the ethertype ACLs which are used in transparent firewalling. The MAC-lists you probably refer to work also on routed mode, but still, can not be used in your case. Your ASA only sees the MAC-adress of the provider-router and not the MAC of the client that connects.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide