10-12-2007 06:19 AM - edited 03-11-2019 04:24 AM
I am in the middle of a Checkpoint to ASA conversion and so far it's gone pretty well.
My current problem, though, is that Checkpoint allowed me to create an ACL in which I could specify that a group I created called RFC_1918_Group would not be allowed coming in my outside int but everything else would be allowed.
Any way to do this in the ASA without creating a permit statement along with a deny statement?
Attached is what the rule looks like in Checkpoint.
Thanks in advance! This could cut down my rule base by a few lines.
10-12-2007 12:43 PM
There is no predefined RFC1918 grouping in the ASA.
10-13-2007 08:24 AM
There is NO RFC1918 in Checkpoint either. The user has to create that.
What he is asking will require two separate lines of groups to do the trick. The first line in the ACL should block RFC1918 addresses while the second ACL line permits from Any.
Pix ACL is dumb; it is not as smart as Checkpoint policy.
10-15-2007 04:57 AM
Thank you Kevin. That is what I thought but was hoping the ASA was smarter than that.
Two ACLs it is then.
Thanks again.
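The two-line approach described in the thread, written out as ASA configuration. This is an added example, not configuration posted by any participant; the ACL name OUTSIDE_IN is an assumption, while RFC_1918_Group and the outside interface come from the original question.

```cisco
! Group the three RFC 1918 private ranges (the ASA has no predefined group)
object-group network RFC_1918_Group
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! Line 1: drop anything sourced from the private ranges
access-list OUTSIDE_IN extended deny ip object-group RFC_1918_Group any
! Line 2: allow everything else, as in the original Checkpoint rule
access-list OUTSIDE_IN extended permit ip any any
!
! Apply the ACL inbound on the outside interface
access-group OUTSIDE_IN in interface outside
```

The ASA evaluates entries top-down and stops at the first match, so the deny must stay above the permit. `show access-list OUTSIDE_IN` lists per-entry hit counts for confirming which line is matching.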