Cisco ASA ACL Question

emilyforcisco1
Level 1

I'm sure this will be an incredibly easy answer for anyone familiar with setting up an ASA, but I just want to be 100% sure. We had no rules configured on our inside interface, so the default rule took over, allowing any > allow less secure networks. Now I need to block access to specific internet IP addresses through the firewall. Once I add the access rule any > deny Blocked hosts, the default rule disappears, so nobody can get out to the internet. I can fix this by adding another ACL below the deny with Any > Any Permit IP. Would that be the proper ACL to allow all other internet access on the inside interface?

1 Reply

Tim Y
Level 1

Yes, that would accomplish what you want.

Though if you wanted to lock things down further, your access-list could be more specific and only allow what is required. For Internet, it would be tcp/80 and tcp/443. And udp/53 (DNS) depending on what your hosts have configured for a DNS server.

Regards,

Tim
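The two approaches from the question and the reply, written out as ASA CLI configuration. This is an added example, not configuration posted by either participant. The ACL and object-group names, the blocked addresses and the DNS server address are constructed placeholders (RFC 5737 documentation ranges); the interface name `inside` is the ASA default.

```cisco
! Hosts the inside network must not reach (constructed placeholder addresses)
object-group network BLOCKED_HOSTS
 network-object host 203.0.113.10
 network-object 198.51.100.0 255.255.255.0

! Internal resolver that clients are configured to use (constructed placeholder)
object-group network DNS_SERVERS
 network-object host 192.0.2.53

! Option A: the ACL from the question. Once any ACL is bound to the interface
! the old "allow to less secure networks" default is replaced by an implicit
! deny at the end, so the explicit permit is needed to keep internet access.
! The deny must come before the permit; entries are evaluated top down.
access-list INSIDE_IN_BROAD extended deny ip any object-group BLOCKED_HOSTS log
access-list INSIDE_IN_BROAD extended permit ip any any

! Option B: the tighter ACL from the reply. Only web and DNS leave the inside
! interface; everything else falls through to the implicit deny.
access-list INSIDE_IN_TIGHT extended deny ip any object-group BLOCKED_HOSTS log
access-list INSIDE_IN_TIGHT extended permit tcp any any eq 80
access-list INSIDE_IN_TIGHT extended permit tcp any any eq 443
access-list INSIDE_IN_TIGHT extended permit udp any object-group DNS_SERVERS eq 53

! Bind exactly one of the two to the inside interface (inbound direction,
! i.e. traffic arriving from the inside hosts).
access-group INSIDE_IN_TIGHT in interface inside
```

After applying, `show access-list INSIDE_IN_TIGHT` shows the per-entry hit counts, which is the quickest way to confirm that blocked hosts are hitting the deny line and that normal traffic is matching a permit rather than the implicit deny at the bottom. The `log` keyword on the deny entries sends a syslog message for each denied connection, so attempts to reach the blocked addresses are visible to the SIEM rather than silently dropped.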
