Solved: ASA AIP-SSM services policy rules

yong khang NG · ‎10-04-2011

Hi forumers'

I have a ASA with AIP-SSM. I would like to protect the private LAN apart from internet attack.

i would like to check the ACL direction on ASDM Firewall > Service Policy Rule

1. am i right to set the source : outside interface, destination : 172.16.0.2

or 2. destination set to : 10.10.0.0 / 16

thanks

noel

Alexander Moorthy · ‎10-05-2011

To answer your query in simple just make your Service Policy with the IP address which is visible to the firewall. If the IP address 10.10.0.0/16 are natted on the router with 172.16.0.2,then all the IP address hitting on the firewall will be 172.16.0.2 so make your destination with 172.16.0.2 else if the natting is done on firewall for 10.10.0.0/16 then point the destination to 10.10.0.0/16.

View solution in original post

Alexander Moorthy · ‎10-05-2011

To answer your query in simple just make your Service Policy with the IP address which is visible to the firewall. If the IP address 10.10.0.0/16 are natted on the router with 172.16.0.2,then all the IP address hitting on the firewall will be 172.16.0.2 so make your destination with 172.16.0.2 else if the natting is done on firewall for 10.10.0.0/16 then point the destination to 10.10.0.0/16.