Solved: Cisco ASA Port vs Object in Access Ruloes

Mokhalil82 · ‎06-26-2015

Hi

This might be an easy one but just confuses me slightly as I am just starting out configuring asa firewalls.

When configuring an access rule, what different does it make for the source, if I choose the INSIDE interface or an object group which defines all the inside networks.

Thanks

Marvin Rhoads · ‎06-26-2015

The access list entries should use a group. You would only use the interface itself in an access list entry if you were controlling traffic to the interface itself.

Once you build an access list on an ASA, you then apply it to the necessary interfaces using the access-group command. i.e something like:

access-group inside_access_in_1 in interface inside

View solution in original post

Marvin Rhoads · ‎06-26-2015

The access list entries should use a group. You would only use the interface itself in an access list entry if you were controlling traffic to the interface itself.

Once you build an access list on an ASA, you then apply it to the necessary interfaces using the access-group command. i.e something like:

access-group inside_access_in_1 in interface inside