Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
627
Views
0
Helpful
2
Replies

ASA: How to block specific IP addrs from Inside->Outside

goodwinscott
Level 1
Level 1

‎07-13-2009 10:26 AM - edited ‎03-11-2019 08:54 AM

(ASA5520 v8.0(4)23)

Need a strategy recommendation on the best way to block access to specific (public) IP addresses from access by Inside hosts. Presently we have no access list rules for Inside>Outside, unlike our DMZ where these permissions are very granular.

What's the best way to do this without having to create a long list of rules to define Inside->Outside traffic?

Labels:
0 Helpful
2 Replies 2

srue
Level 7
Level 7

‎07-13-2009 10:37 AM

if you know which outside hosts need blocked from inside hosts you can either create the ACL ingress on the inside interface, or egress on the outside interface.

This would be a good place to use object-groups.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni

‎07-13-2009 11:05 AM

Most security conscience firms do have a long list of ACE on the inside interface. Another option is to use a proxy server. It's easier to filter on content than by ever changing IP's. If th list is small you could use regex.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card