07-13-2017 04:17 AM - edited 03-12-2019 02:41 AM
Hi guys, I hope someone can help. I need to do the following actions on the attached ASA:
* Block all Internet from LAN
* Block all connections to 10.56.0.0/16
* Block all connections to 10.57.0.0/16
* Allow connections from LAN to 10.56.40.195/32, 10.56.40.196/32, 10.56.40.197/32, 10.56.40.198/32, 10.56.40.199/32, 10.56.40.200/32
Could someone help me out with how I should configure the ACLs?
Thank you :-)
07-13-2017 12:20 PM
Hi BHconsultants88@,
Can you let me know where 10.56.0.0/16 and 10.57.0.0/16 subnets are?
These are not directly connected to ASA and there is no route for these subnets.
Do you want to block internet access to LAN?
Do you want to block connections from LAN to 10.56.0.0/16 & 10.57.0.0/14?
Do you only want to allow traffic from LAN to the following specific IPs 10.56.40.195/32, 10.56.40.196/32, 10.56.40.197/32, 10.56.40.198/32, 10.56.40.199/32, 10.56.40.200/32?
07-13-2017 01:18 PM
Hi, thanks for the reply. The 10.56 and 10.57 networks are both in HQ. There's a VPN tunnel config that's not in the attached config - these subnets are connected via the tunnel.
To clarify, this is what I need (slightly different to above)
Block internet from source 10.154.246.12
Allow Internet from rest of LAN
Block access to 10.56 and 10.57 networks from 10.154.246.12 host
Allow traffic from LAN to the following specific IPs 10.56.40.195/32, 10.56.40.196/32, 10.56.40.197/32, 10.56.40.198/32, 10.56.40.199/32, 10.56.40.200/32?
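
One way to express the clarified requirements as an inbound ACL on the LAN-facing interface, added here as an example and not taken from any post in this thread. ASA ACLs are evaluated top-down and stop at the first match, so the permit for the six HQ hosts has to sit above the denies for 10.154.246.12. Assumptions: the LAN interface is named `inside`, the names `HQ-ALLOWED` and `LAN_IN` are made up for illustration, and the VPN crypto ACL and NAT exemption for the HQ subnets already exist in the part of the config not shown.

```cisco
! Assumed names: interface "inside", object-group HQ-ALLOWED, ACL LAN_IN.
! The six HQ hosts that the whole LAN may reach.
object-group network HQ-ALLOWED
 network-object host 10.56.40.195
 network-object host 10.56.40.196
 network-object host 10.56.40.197
 network-object host 10.56.40.198
 network-object host 10.56.40.199
 network-object host 10.56.40.200

! 1. Permit the six HQ hosts first, so the restricted host can still reach them.
access-list LAN_IN remark Allow LAN to the six HQ hosts
access-list LAN_IN extended permit ip any object-group HQ-ALLOWED

! 2. Block 10.154.246.12 from the rest of the HQ networks.
!    Kept as separate lines so each deny has its own hit counter.
access-list LAN_IN remark Block 10.154.246.12 to HQ 10.56/16 and 10.57/16
access-list LAN_IN extended deny ip host 10.154.246.12 10.56.0.0 255.255.0.0
access-list LAN_IN extended deny ip host 10.154.246.12 10.57.0.0 255.255.0.0

! 3. Block 10.154.246.12 from everything else, which includes the Internet.
access-list LAN_IN remark Block Internet for 10.154.246.12
access-list LAN_IN extended deny ip host 10.154.246.12 any

! 4. The rest of the LAN keeps its access. Without this line the implicit
!    deny at the end of the ACL would drop all remaining LAN traffic.
access-list LAN_IN remark Allow everything else from the LAN
access-list LAN_IN extended permit ip any any

! Apply inbound on the LAN-facing interface.
access-group LAN_IN in interface inside
```

After applying, `show access-list LAN_IN` shows per-line hit counts, and `packet-tracer input inside tcp 10.154.246.12 1025 10.56.40.195 443` (source port and destination port chosen arbitrarily) confirms which line a given flow matches.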