ASA Configuration help Required

sairamteju

Hi,

Need help in configuring the ASA Firewall. We have an ASA Firewall in which one interface is the WAN link, one is the production link and the other is the connectivity to the corporate location.

My production servers will be sitting behind the production interface.

Any server which will communicate from corporation link will pass through the corporation interface and then through Production interface.

Any traffic from WAN link will pass through WAN interface and then through Production interface.

Now my doubt is that rules on the production interface are not bound to incoming or outgoing, i.e. when I create a rule on the production incoming interface, it gets replicated to the production outgoing interface. How should I configure it so that I can create separate rules on production incoming and production outgoing?

In the current scenario, when traffic comes from the WAN, a rule also has to be configured on the production interface, and for traffic from the corporate office I also need to configure a rule on the production interface. And all the rules are replicating on incoming as well as outgoing.

Please let me know how best I can configure the firewall so that I can be clear in the creation of rules. I hope my question is understandable.

Thanks in Advance.

Krishna.


Jon Marshall

Krishna

If you want to control inbound and outbound traffic on the same interface, i.e. in your case the production interface, then you can use 2 access-lists: one for inbound traffic, i.e. traffic from the production network to somewhere else, and one for outbound traffic, i.e. traffic from somewhere else to the production network.

Each interface on an ASA supports 2 access-lists, one in each direction. You specify the direction when you bind the ACL to the interface, e.g.

access-group prod_in in interface production

access-group prod_out out interface production

where prod_in and prod_out are the names of the access-lists and the interface is called production.

Jon
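
The two-ACL layout from the reply above, written out as an added example that is not part of the original thread. The ACL and interface names are the ones used in the reply; every address, port and rule is constructed for illustration (10.10.10.0/24 stands for the production servers, 10.20.20.0/24 for the corporate LAN).

```text
: Added example. All addresses, ports and rules below are constructed.
: 10.10.10.0/24 = production servers, 10.20.20.0/24 = corporate LAN.

access-list prod_in remark Traffic the production servers initiate (enters the ASA on production)
access-list prod_in extended permit udp 10.10.10.0 255.255.255.0 host 10.20.20.53 eq domain
access-list prod_in extended permit tcp 10.10.10.0 255.255.255.0 host 10.20.20.25 eq smtp
access-list prod_in extended deny ip any any log

access-list prod_out remark Traffic toward the production servers (leaves the ASA on production)
access-list prod_out extended permit tcp any host 10.10.10.10 eq https
access-list prod_out extended permit tcp 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0 eq ssh
access-list prod_out extended deny ip any any log

: Bind one list per direction on the same interface
access-group prod_in in interface production
access-group prod_out out interface production

: Confirm the bindings and check per-entry hit counts
show running-config access-group
show access-list prod_out
```

Because the ASA is stateful, replies to a connection permitted by one list do not need a matching entry in the other. If an access-list is also bound inbound on the WAN or corporate interface, traffic to production has to be permitted there as well as in prod_out.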
