
Implicit interface rule

mahesh18
Level 6

Hi Everyone,

I read the line below:

"Implicit interface access rule that permits all IP traffic from high security level to low security level interface is disabled automatically after the global access list has been defined and applied."

I need to know what it means.

I know the global ACL applies to the whole ASA; it's for traffic for the ASA itself and is always in the inward direction.

Regards

Mahesh


Julio Carvajal
VIP Alumni

Hello Mahesh,

Exactly,

If the global ACL is applied to all of the interfaces in the IN direction, then the implicit rule of:

"All traffic from higher to lower security level" will be lost.

Why?

Because you will now be allowing only what's permitted in the Global ACL.

Regards

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
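
The behaviour described in the answer above, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of how a rule is selected for traffic passing through the ASA. The `Ace` and `Asa` classes, interface names, security levels and addresses are constructed for illustration, and traffic to the ASA itself is not modelled.

```python
# Simplified model for illustration; not Cisco code. Through-the-box traffic only.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    port: Optional[int] = None   # None matches any destination port

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

@dataclass
class Asa:
    levels: dict                                        # interface -> security level
    interface_acl: dict = field(default_factory=dict)   # ingress interface -> [Ace]
    global_acl: Optional[list] = None                   # None: no global ACL applied

    def decide(self, in_if, out_if, src, dst, port):
        # Order: interface ACL on the ingress interface, then the global ACL.
        stages = [("interface ACL on " + in_if, self.interface_acl.get(in_if)),
                  ("global ACL", self.global_acl)]
        applied = [(name, acl) for name, acl in stages if acl is not None]
        for name, acl in applied:
            for ace in acl:
                if ace.matches(src, dst, port):
                    return ace.action, name
        if applied:
            # Any applied ACL ends in an implicit deny, so the level-based
            # implicit permit is never reached.
            return "deny", "implicit deny after " + applied[-1][0]
        if self.levels[in_if] > self.levels[out_if]:
            return "permit", "implicit permit (higher to lower security level)"
        return "deny", "implicit deny (not higher to lower)"

# Constructed sample: inside=100, outside=0, documentation-range addresses.
LEVELS = {"inside": 100, "outside": 0}
FLOW = ("inside", "outside", "10.1.1.10", "203.0.113.5")

if __name__ == "__main__":
    no_acl = Asa(LEVELS)
    with_global = Asa(LEVELS, global_acl=[Ace("permit", "0.0.0.0/0", "0.0.0.0/0", 443)])
    for port in (80, 443):
        print(port, no_acl.decide(*FLOW, port), with_global.decide(*FLOW, port))
```

With no ACL applied, the inside-to-outside flow on port 80 is allowed by the implicit permit; once a global ACL that permits only port 443 is applied, the same flow falls through to the implicit deny.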

Hi Julio,

But global ACL is for traffic to the ASA itself not passing through it.

ACL is for traffic passing through the ASA.

When you say "All traffic from higher to lower security level will be lost", does this mean traffic passing through the ASA or traffic to the ASA itself?

Thanks

Mahesh

Hello Mahesh,

No, it is not to the ASA only (I mean it will filter data-plane and control-plane traffic, not just control-plane).

So it's traffic across and to the ASA.

Where did you hear it was to the ASA only?

Regards

Julio Carvajal

Hi Julio,

Maybe I am wrong.

I will double-check that and will update you.

Regards

Mahesh

Hello Mahesh,

Sure, take your time.

Regards,

Julio Carvajal

Hi Julio,

You are right, Sir.

I was confusing this with the Management access rule in the ASDM.

I listened to my training videos again and they confirmed that you are correct.

Regards

Mahesh

Message was edited by: mahesh parmar

Hello Mahesh,

My pleasure to help,

What training videos are you studying?

Regards

Julio Carvajal

Hi Julio,

CBT Security CCNP -- ASA.

They are really good and are helping me to understand the ASA.

Regards

Mahesh

Hello Mahesh,

Amazing, keep up the hard work.

Julio Carvajal