02-10-2015 06:55 AM - edited 03-11-2019 10:29 PM
I've got an ASA with two "outside" interfaces and twelve "inside" interfaces.
I'd like to separate the Access Lists between outside access and inside access. By default I'd like the inside interfaces to have access to the internet and nothing else, and then build the ACLs to allow access between inside interfaces.
I can't imagine this being very difficult to achieve, but I've spent quite some time trying to accomplish this and haven't been able to make it work how I would like.
Does anyone have any tips?
Thanks,
Carlos
02-10-2015 05:51 PM
Carlos,
How I normally handle this is to build a network object group and place the RFC 1918 networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) in it and then do a deny to these networks with an allow IP any/any to the outside (internet).
HTH
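The approach described in the reply above, written out as ASA configuration. This is an added example, not part of the original post; the interface names (inside1, inside2), ACL names and the exception addresses are constructed placeholders.

```cisco
! Constructed example: interface names, ACL names and host addresses are placeholders.
object-group network RFC1918
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! inside1: one explicit inter-inside exception first, then block all
! private address space, then allow everything else (the internet).
access-list INSIDE1_IN extended permit tcp 10.1.1.0 255.255.255.0 host 10.1.2.10 eq 443
access-list INSIDE1_IN extended deny ip any object-group RFC1918
access-list INSIDE1_IN extended permit ip any any
!
! inside2: no exceptions, internet only.
access-list INSIDE2_IN extended deny ip any object-group RFC1918
access-list INSIDE2_IN extended permit ip any any
!
! Bind each ACL inbound on its own inside interface.
access-group INSIDE1_IN in interface inside1
access-group INSIDE2_IN in interface inside2
```

ACL entries are evaluated top-down with the first match winning, so any permit between inside networks has to sit above the RFC 1918 deny line.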
02-13-2015 07:21 AM
That's what I initially had set up but was wondering if there was another way. Either way, this method does the job.
07-29-2015 12:07 AM
Well, as another way, you can try to use a security-level on the interfaces. Give the same level to internal interfaces (for example 80) and the same level to outside interfaces, but with a lower number (for example 30). And deny communication between interfaces with the same level (this is the default on ASA devices). This way all internal interfaces can have access to outside interfaces and don't have access to each other (they could have access only if you have permit lines in the ACLs). On the other side, all outside interfaces wouldn't have access to internal interfaces.
Best Regards.