06-03-2024 03:32 AM
Hi everyone,
I'm using an ASA 5506-X, ver 7.2. I know all traffic can flow from a higher security level to a lower security level, but is it possible to create a limited list of IPs that can access outside, and how can I configure this?
Thanks
06-03-2024 04:01 AM - edited 06-03-2024 04:12 AM
If you are trying to tune access to the ASA interface itself, use a control-plane ACL.
If it is something else, can you please elaborate?
MHM
06-03-2024 12:10 PM
I would suggest 7.2 code is too old; many things have changed after that, so it is better to upgrade to the latest, 9.16 (the last released for that product). When you upgrade, many things are changed, so your old configuration may not work as expected, so read the changes and make the necessary changes as needed.
You can have an ACL that only allows the IPs and denies the rest; does that not work for you?
The other way: you can add only the required addresses to NAT, and the rest will not be allowed. (It may be a bit of a manual task, but it works.)
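The permit-list ACL suggested in the reply above, written out as an added example that is not part of the original thread. The interface name `inside`, the names `ALLOWED_OUT` and `INSIDE_IN`, and all addresses are assumptions constructed for illustration.

```cisco
! Hosts that may leave the inside interface (constructed addresses)
object-group network ALLOWED_OUT
 network-object host 192.168.1.10
 network-object host 192.168.1.11
!
! Permit the listed hosts, then deny and log everything else.
! The explicit deny makes blocked attempts visible in syslog and hit counts.
access-list INSIDE_IN extended permit ip object-group ALLOWED_OUT any
access-list INSIDE_IN extended deny ip any any log
!
! Bind the ACL inbound on the inside interface. Once an ACL is applied here,
! it replaces the implicit "higher to lower security level" permit for
! traffic entering this interface, so only the permit lines pass.
access-group INSIDE_IN in interface inside
!
! Checks from exec mode (192.168.1.50 is a constructed, unlisted host):
!   show access-list INSIDE_IN
!   packet-tracer input inside tcp 192.168.1.50 1025 203.0.113.10 443
```

The ACL filters everything entering `inside`, so traffic toward any other interface behind the ASA needs its own permit line above the deny.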
06-06-2024 04:41 AM - edited 06-06-2024 04:42 AM
Thanks for your reply.
I tried to add an ACL here (file attached) but I can't override the access of security level 100; any IP on this interface can reach the other. Do I need to choose another security level for this interface and apply the ACL?
Sorry, my knowledge is not good, so I don't know how to use control-plane access control in my situation.
About the version: because the device is placed in an OT network, we usually can't update.
06-06-2024 06:22 AM