Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2027
Views
5
Helpful
5
Replies

Block Traffic of MPLS on Cisco ASA

Go to solution
Santimac
Level 1
Level 1

‎09-04-2019 12:39 PM - edited ‎02-21-2020 09:27 AM

Hello,

I have a CISCO ASA to get Internet, some VPNs, etc. and I have a MPLS to connect other Location, I want to Block certain traffic on this MPLS through the FW, but it seems that the ACLs that I created under ACL Manager are not working, the traffic is allwas allowed, please check my basic Diagram.

 

 

Picture1.pngWhen I make a Packet Trace, I have the next result:

Untitled.png

When I click on Show Rule, this is what I Got:

 

Untitled1.png

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Santimac

‎09-05-2019 12:07 PM

You can bring the MPLS network Outside of ASA, so Users from inside ASA can restrict as per your requirement.

 

allow only required people to access MPLS, and we are not sure how your MPLS network utilized what services for

 

if you move MPLS outside ASA, you need to have rules in place for those Service to reach MPLS network from your LAN or users

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-04-2019 02:25 PM

Your HLD diagram does not show that traffic always passing thorugh ASA, if the Link terminated to Switch. and device connected to same switch, they have no effect on your FW.

 

you need to give more information. are these device behind ASA inside ?

 

can you post the configuraiton, and tell us what is MPLS side IP address trying to connect Local Device RDP IP address which was getting access, even you mentioned it was blocked ?

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Santimac
Level 1
Level 1
In response to balaji.bandi

‎09-05-2019 05:40 AM

Thanks,
I forgot to post that I have a Cisco9K where all Default Gateways for my VLANs, and in this 9K is the Route for the MPLS, so as you said, I supposed the traffic from a Machine to the MPLS is not getting effect on the ASA correct?
Thanks
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Santimac

‎09-05-2019 09:20 AM

As i have mentioned earlier, if the ASA not in the path, there is no control you have with ASA.

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Santimac
Level 1
Level 1
In response to balaji.bandi

‎09-05-2019 11:33 AM

It is possible to connect the MPLS Router to an Interface of the ASA?

Thanks

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Santimac

‎09-05-2019 12:07 PM

You can bring the MPLS network Outside of ASA, so Users from inside ASA can restrict as per your requirement.

 

allow only required people to access MPLS, and we are not sure how your MPLS network utilized what services for

 

if you move MPLS outside ASA, you need to have rules in place for those Service to reach MPLS network from your LAN or users

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card