02-18-2018 06:03 AM - edited 02-21-2020 07:22 AM
I have an old infrastructure, managed by another entity, that was transferred to me, but the ASA firewalls have permit ip any any statements applied on all interfaces. I need to match the exact IPs hitting this ACL so I can allow them and add more specific statements, while performing a survey to collect source/destination IPs.
02-18-2018 06:05 PM
Hi
You can take a look at the log buffers to see which traffic hits that rule, or take a look at your syslog servers, if any.
All traffic today is passing through that rule (any to any), and it will be difficult to determine whether it is normal traffic or not.
The best way is to do an assessment to know what is allowed from external to internal.
You can also look at the NAT statements and create ACLs accordingly, because having any any is not the only thing that will permit traffic from outside to inside; you'll also need the NAT configuration.
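The log-buffer survey suggested above, as an added example that is not from the thread or from Cisco: a small Python script (my own) that aggregates per-flow hit counts from ASA 106100 access-list syslog messages and renders host-to-host ACE candidates. It assumes the permit ip any any ACE was configured with the log keyword (otherwise the ASA does not emit 106100 records); the ACL name, interface names and addresses are placeholders.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread) in the ASA 106100 format.
# The ACL name "outside_in", interfaces and addresses are placeholders. A real
# record carries a timestamp and hostname before "%ASA"; search() skips them.
SAMPLE_LOGS = """\
%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.10(51234) -> inside/192.0.2.25(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.10(51240) -> inside/192.0.2.25(443) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list outside_in permitted udp outside/198.51.100.7(40001) -> inside/192.0.2.53(53) hit-cnt 1 first hit [0x1a2b3c4e, 0x0]
%ASA-6-106100: access-list inside_out permitted tcp inside/192.0.2.40(33000) -> outside/203.0.113.99(80) hit-cnt 1 first hit [0x1a2b3c4f, 0x0]
"""

HIT_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<sif>[^/ ]+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/ ]+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)


def parse_acl_hits(log_text, acl_name):
    """Sum hit counts per (proto, src, dst, dport) flow permitted by one ACL.

    The ephemeral source port is dropped so repeated connections from the same
    client collapse into one flow. Only tcp/udp are kept: icmp and other
    protocols log without a usable port and need a different ACE form.
    """
    flows = Counter()
    for line in log_text.splitlines():
        m = HIT_RE.search(line)
        if not m or m["acl"] != acl_name or m["action"] != "permitted":
            continue
        if m["proto"] in ("tcp", "udp"):
            flows[(m["proto"], m["src"], m["dst"], m["dport"])] += int(m["hits"])
    return flows


def suggest_aces(flows, acl_name):
    """Render one host-to-host ACE per observed flow, busiest first.

    These are candidates to insert above the permit ip any any. A hit only
    proves the traffic exists, so each flow still has to be judged as wanted
    (and checked against the NAT rules) before the blanket permit is removed.
    """
    return [
        f"access-list {acl_name} extended permit {proto} host {src} host {dst} eq {dport}"
        for (proto, src, dst, dport), _ in flows.most_common()
    ]
```

Run it against a syslog export and review the rendered lines by hand; the busiest flows come first, which is usually where the survey conversation with the application owners starts.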
02-18-2018 08:23 PM
Hello,
I posted some time back in a discussion; please see if that helps:
https://supportforums.cisco.com/t5/firewalling/why-use-permit-ip-any/m-p/3324063#M166052
Questions are welcome.
-
HTH
AJ