08-12-2016 12:26 AM - edited 03-12-2019 01:07 AM
Hello,
I have one silly question maybe. When we create acl for the inside interface of ASA for example, we define some rules etc., and then it is wanted that inside subnet should access the internet. Then we write the next rule at the end:
access-list inside_in extended permit ip object inside_net any
When this line is written, all the previous lines are nonsense then, because it will allow inside traffic to go everywhere. Is there any suggestion or best practice?
Regards and thanks for the response.
08-13-2016 02:30 PM
access-list 100 deny ip 192.168.0.0 255.255.0.0 any
access-list 100 permit ip 192.168.1.50 255.255.255.0 any
access-list 100 permit ip 10.10.0.0 255.255.255.0 any
access-list 100 permit ip 192.168.0.0 255.255.0.0 172.16.6.0 255.255.255.0
access-list 100 deny ip any any
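Added example, not part of the original thread: an access list is evaluated top-down and the first matching entry decides, so the order of the lines determines what a broad entry actually covers. The Python sketch below applies that first-match logic to the ACL posted in the answer and lists entries that an earlier line fully covers. It parses only the `access-list N action ip src dst` form shown there, and treating `192.168.1.50 255.255.255.0` as the /24 network is an assumption of this example.

```python
import ipaddress

# The ACL from the answer above, copied verbatim.
ACL = """\
access-list 100 deny ip 192.168.0.0 255.255.0.0 any
access-list 100 permit ip 192.168.1.50 255.255.255.0 any
access-list 100 permit ip 10.10.0.0 255.255.255.0 any
access-list 100 permit ip 192.168.0.0 255.255.0.0 172.16.6.0 255.255.255.0
access-list 100 deny ip any any
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def _take_net(tokens):
    """Consume 'any' or 'ADDR MASK' from the token list and return a network."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ANY
    addr, mask = tokens.pop(0), tokens.pop(0)
    # Assumption: host bits are masked off (192.168.1.50/24 -> 192.168.1.0/24).
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(text):
    """Return [(action, src_net, dst_net)] for 'ip' entries only."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        action, rest = tokens[2], tokens[4:]
        rules.append((action, _take_net(rest), _take_net(rest)))
    return rules

def evaluate(rules, src, dst):
    """First match wins; return (action, 1-based line), else implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, sn, dn) in enumerate(rules, 1):
        if s in sn and d in dn:
            return action, i
    return "deny", None

def shadowed(rules):
    """Return (line, covering_line) for entries an earlier line fully covers."""
    out = []
    for i, (_, sn, dn) in enumerate(rules):
        for j in range(i):
            if sn.subnet_of(rules[j][1]) and dn.subnet_of(rules[j][2]):
                out.append((i + 1, j + 1))
                break
    return out
```

`shadowed(parse(ACL))` reports lines 2 and 4 as covered by line 1, which is the kind of ordering check worth running before adding a broad entry at the end of a list.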