04-26-2017 06:52 AM - edited 03-12-2019 02:16 AM
Hi you all,
Where do I implement firewall rules in a Cisco ASA with Firepower?
Is it in the ASA module or the Firepower module?
Thanks
04-26-2017 07:46 AM
In the ASA.
04-26-2017 08:28 AM
Ok,
So now I'm facing another issue.
I configured a remote VPN, Cisco AnyConnect, but the traffic goes through my firewall rules, I mean, nothing is dropped, everything passes to my local interface.
What am I missing?
04-26-2017 08:46 AM
By default that is the correct behavior. If you need to restrict access then you will have to create an ACL.
http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html#anc6
04-26-2017 08:55 AM
That's correct.
And I created a rule for all interfaces denying everything.
Any to Any Deny.
access-list INSIDE_access_in extended deny ip any any
access-list ART_access_in_1 extended deny ip any any
access-list NOS_access_in extended deny ip any any
But it is still working. I cannot see what's missing.
04-26-2017 01:52 PM
My first comment is that you show us access list configuration but do not show us how the access lists are applied and how they are applied is critical to whether they work or not.
But the really important comment is that for AnyConnect the normal behavior is that access lists on interfaces do not evaluate or control AnyConnect VPN traffic. The expected behavior is that anything that comes into the ASA via AnyConnect will be allowed to pass through the ASA. If you want to control VPN traffic you should look into using VPN filters.
HTH
Rick
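An added example (not from any post in this thread) of the VPN filter Rick refers to, restricting AnyConnect clients to one internal server while leaving the interface ACLs untouched. The pool 10.10.50.0/24, the server 192.168.1.10 and the group-policy name ANYCONNECT_GP are assumed values.

```text
! Added example, not from the thread. Assumed: AnyConnect address pool
! 10.10.50.0/24, internal server 192.168.1.10, group-policy ANYCONNECT_GP.
!
! Why the interface ACLs above had no effect: by default the ASA has
! "sysopt connection permit-vpn", which lets decrypted VPN traffic bypass
! interface ACLs. A vpn-filter is the supported way to control that traffic.
!
! vpn-filter ACLs are written from the client's point of view:
! source = VPN client address, destination = internal resource.
! The ASA also applies the same ACL to return traffic with
! source and destination swapped, so one line covers both directions.
access-list VPN_FILTER extended permit tcp 10.10.50.0 255.255.255.0 host 192.168.1.10 eq 443
access-list VPN_FILTER extended deny ip any any log
!
group-policy ANYCONNECT_GP attributes
 vpn-filter value VPN_FILTER
!
! Verify the filter was handed to a connected session:
!   show vpn-sessiondb detail anyconnect
! (the "Filter Name" field should read VPN_FILTER)
!
! Alternative, heavier-handed approach: make interface ACLs apply to
! VPN traffic as well, which affects every VPN type on the box:
!   no sysopt connection permit-vpn
```

Existing sessions keep the filter they received at connect time, so reconnect a test client after changing the group policy before judging the result.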