
ASA ACLs

BHconsultants88
Level 1

Hi guys, I hope someone can help. I need to do the following actions on the attached ASA:

* Block all Internet from LAN

* Block all connections to 10.56.0.0 /16

* Block all connections to 10.57.0.0 /16

* Allow connections from LAN to 10.56.40.195/32, 10.56.40.196/32, 10.56.40.197/32, 10.56.40.198/32, 10.56.40.199/32, 10.56.40.200/32

Could someone help me out with how I should configure the ACLs?

Thank you :-)

2 Replies

Hi @BHconsultants88,

Can you let me know where 10.56.0.0/16 and 10.57.0.0/16 subnets are?

These are not directly connected to ASA and there is no route for these subnets.

Do you want to block internet access to LAN?

Do you want to block connections from LAN to 10.56.0.0/16 & 10.57.0.0/14?

Do you only want to allow traffic from LAN to the following specific IPs 10.56.40.195/32, 10.56.40.196/32, 10.56.40.197/32, 10.56.40.198/32, 10.56.40.199/32, 10.56.40.200/32?

Spooster IT Services Team

Hi, thanks for the reply. The 10.56 and 10.57 networks are both in HQ. There's VPN tunnel config that's not in the attached config - these subnets are connected via the tunnel.

To clarify, this is what I need (slightly different to above)

Block internet from source 10.154.246.12

Allow Internet from rest of LAN

Block access to 10.56 and 10.57 networks from 10.154.246.12 host

Allow traffic from LAN to the following specific IPs 10.56.40.195/32, 10.56.40.196/32, 10.56.40.197/32, 10.56.40.198/32, 10.56.40.199/32, 10.56.40.200/32?
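
The requirements in this thread depend on rule order, because an ASA access list stops at the first matching entry and ends with an implicit deny. As an added example (not from the thread, the attached config, or Cisco), the Python below parses a constructed candidate ACL and evaluates it first-match. Assumptions: the ACL name `INSIDE_IN`, its application inbound on the LAN interface, the rule order, and the reading that 10.154.246.12 is blocked from everything while the rest of the LAN keeps the /16 blocks from the first post.

```python
import ipaddress

# Constructed candidate ACL (assumption, not from the thread). INSIDE_IN is a
# hypothetical name; entries are evaluated top-down and the first match wins.
CANDIDATE_ACL = """
access-list INSIDE_IN extended deny ip host 10.154.246.12 any
access-list INSIDE_IN extended permit ip any host 10.56.40.195
access-list INSIDE_IN extended permit ip any host 10.56.40.196
access-list INSIDE_IN extended permit ip any host 10.56.40.197
access-list INSIDE_IN extended permit ip any host 10.56.40.198
access-list INSIDE_IN extended permit ip any host 10.56.40.199
access-list INSIDE_IN extended permit ip any host 10.56.40.200
access-list INSIDE_IN extended deny ip any 10.56.0.0 255.255.0.0
access-list INSIDE_IN extended deny ip any 10.57.0.0 255.255.0.0
access-list INSIDE_IN extended permit ip any any
"""

def _take_spec(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(head + "/" + tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list NAME extended permit|deny ip SRC DST' lines only."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if (len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended"
                or tokens[3] not in ("permit", "deny") or tokens[4] != "ip"):
            raise ValueError(f"unsupported line: {line!r}")
        rest = tokens[5:]
        src = _take_spec(rest)
        dst = _take_spec(rest)
        rules.append((tokens[3], src, dst))
    return rules

def evaluate(rules, src, dst):
    """Return 'permit' or 'deny' for one packet using first-match semantics."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny that ends every ASA access list
```

If the six server permits are moved above the host deny, 10.154.246.12 can reach those servers as well, so the order should follow whichever reading of the requirements is intended.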
