Showing results for 
Search instead for 
Did you mean: 

Cisco ASA 5505 Rule

Level 1
Level 1

I have an ASA 5505 router. I have configured most of the rules, but have had assistance from online forums and outside consultants

configuring some rules. There is one in my configuration that I do not understand, and I do not remember entering it myself. The rule is blocking traffic

when a server on the private side tries to send http traffic to itself. Not sure what the purpose of the rule is or why it is there.

When I click on rule 35, it highlights both 35 and 36.

#   Type       Source destination service interface address service DNS Rewrite Max TCP   Ebbronic Limit Max UDP... Randomize Seq #

--- -------       -------    ------------    --------   ---------    -------     ---------- -------------       -------------  ------------------- ---------------- ----------------

35 Dynamic any     <blank>     <blank>  inside      inside   <blank> <blank>     Unlimited Unlimited     Unlimited <checked>

36 <blank> <blank> <blank>   <blank>  outside    outside <blank> <blank>     Unlimited Unlimited     Unlimited

I am hesitant to delete the rule until I know the purpose.

I am not sure but the rule below may be what is generatig it (I am not familiar withg command line commands):

access-group outside_access_in in interface outside

route outside 1

Can someone tell me whay this is for, or what it is doing?                  

12 Replies 12

Level 9
Level 9


just to make sure, you may want to schedule a maintenance window if you want to make changes on your FW ACL.

refer to comments on the said 2 lines.

access-group outside_access_in in interface outside   <<< ACL with name "outside_access_in" is applied "inbound" on the "outside" interface

route outside 1   <<< static default route towards the "outside" interface hops to IP with metric/AD of 1.