Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
0
Helpful
1
Replies

Restrict communication between two interfaces on ASA

Yashveer Singh
Level 1
Level 1

‎09-01-2016 11:11 AM - edited ‎02-21-2020 05:54 AM

Hi, I have configured 3 interfaces of ASA.  inside, outside and WiFi. Where I have given full internet access to WiFi subnet by allow destination any. WiFi vlan is routable vlan bcoz to access WiFi portal through WiFi subnet. Now to playing with right manner, I have to stop communication between inside and WiFi interface and full internet should be accessible. Please assist me. What policies i need to create on firewall for same.

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-02-2016 08:37 PM

Thee interfaces each get unique security level:

Inside 100

Wi-fi 50

Outside 0

By default Inside can communicate to any lower security level i.e., wi-fi and outside.To prevent this, create and apply to acl to inside interface:

access-list inside_access_in extended deny ip any4 <wi-fi network>
access-list inside_access_in extended permit ip any4 any4
access-group inside_access_in in interface inside

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card