ASA 8.3 MAC address filtering.

Computer-MOI · ‎11-04-2012

Does ASA 8.3 support MAC address filtering, I want to allow a single specific laptop to login to the ASA 8.3 firewall (for management) from anywhere on the internet, I know I can do it through VPN but I want a simple MAC address access list or something......

Karsten Iwen · ‎11-05-2012

That can't be done. The mac-access-lists are for the transparent firewall. And the ASA doesn't see the MAC of the client that connects through the internet.

You can restrict access by IP-address and of course you should deploy a strong authentication as well.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Computer-MOI · ‎11-05-2012

well, can I install a second ASA into a transparent mode firewall instead of wasting L2 switch to do the task?

Karsten Iwen · ‎11-05-2012

After reading your post again I see that my answer was not correct. I was thinking you were talking about the ethertype ACLs which are used in transparent firewalling. The MAC-lists you probably refer to work also on routed mode, but still, can not be used in your case. Your ASA only sees the MAC-adress of the provider-router and not the MAC of the client that connects.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni