09-04-2019 12:39 PM - edited 02-21-2020 09:27 AM
Hello,
I have a CISCO ASA to get Internet, some VPNs, etc. and I have a MPLS to connect other Location, I want to Block certain traffic on this MPLS through the FW, but it seems that the ACLs that I created under ACL Manager are not working, the traffic is allwas allowed, please check my basic Diagram.
When I make a Packet Trace, I have the next result:
When I click on Show Rule, this is what I Got:
Solved! Go to Solution.
09-05-2019 12:07 PM
You can bring the MPLS network Outside of ASA, so Users from inside ASA can restrict as per your requirement.
allow only required people to access MPLS, and we are not sure how your MPLS network utilized what services for
if you move MPLS outside ASA, you need to have rules in place for those Service to reach MPLS network from your LAN or users
09-04-2019 02:25 PM
Your HLD diagram does not show that traffic always passing thorugh ASA, if the Link terminated to Switch. and device connected to same switch, they have no effect on your FW.
you need to give more information. are these device behind ASA inside ?
can you post the configuraiton, and tell us what is MPLS side IP address trying to connect Local Device RDP IP address which was getting access, even you mentioned it was blocked ?
09-05-2019 05:40 AM
09-05-2019 09:20 AM
As i have mentioned earlier, if the ASA not in the path, there is no control you have with ASA.
09-05-2019 11:33 AM
It is possible to connect the MPLS Router to an Interface of the ASA?
Thanks
09-05-2019 12:07 PM
You can bring the MPLS network Outside of ASA, so Users from inside ASA can restrict as per your requirement.
allow only required people to access MPLS, and we are not sure how your MPLS network utilized what services for
if you move MPLS outside ASA, you need to have rules in place for those Service to reach MPLS network from your LAN or users
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: