04-02-2012 10:10 AM - edited 03-11-2019 03:49 PM
Hello, I'm new to an ASA 5510 running 8.4(3) and am trying to figure out something regarding time ranges in ASDM. I simply want to allow a single port during business hours only (I'm not concerned about open sessions needing to be closed). So as an example I add a rule something like:
(RULE1 on the internal interface) SRC=INTERNAL DEST=ANY SERVICE=RDP ACTION=PERMIT with a time range set for weekdays 8:00-16:59. I did a test after 5pm on a weekday and was still allowed to do RDP to a server (from INTERNAL), and after using the packet trace tool saw it was still passing through due to a rule a couple lines down (rule 4) that allowed a port range that happened to include port 3389. So my question is if I specify an "allowed" time range and someone attempts access outside that time range, why doesn't it drop it right there? I guess I'm assuming that anything outside the "allowed" time range would be dropped but that doesn't seem to be the case. I'm also assuming the rule base is processed top to bottom. What am I missing?
Thanks for your help.
Jordan
04-02-2012 10:31 AM
So it's an ACL rules issue.
(1) Keep the allow rule for the time period as you've allowed.
(2) Insert a rule right after this:
Deny all on 3389.
At this point the packet will be dropped.
Give it a test and see what happens
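The reason the first test passed after 5pm is that an ACE whose time-range is inactive is simply skipped, not turned into a deny; the packet keeps walking the ACL top to bottom and is matched by the later port-range permit. The following is an added example (not code from the thread or from Cisco) that models that first-match evaluation in Python and shows the original ACL versus the ACL with the explicit deny inserted after the time-ranged permit. The ASA CLI lines in the comments use standard ASA syntax, but the ACL and object names and rule 4's port range (3000-4000) are assumptions, since the thread does not show the actual rule.

```python
"""
Model of ASA ACL first-match evaluation with a time-ranged ACE.

Assumed ASA CLI equivalent of the fixed rule base (names and rule 4's
range are hypothetical, not taken from the original thread):

  time-range BUSINESS_HOURS
   periodic weekdays 8:00 to 16:59
  access-list INSIDE_IN extended permit tcp object-group INTERNAL any eq 3389 time-range BUSINESS_HOURS
  access-list INSIDE_IN extended deny tcp any any eq 3389
  access-list INSIDE_IN extended permit tcp any any range 3000 4000
  access-group INSIDE_IN in interface inside

Verify on the box with packet-tracer, e.g.:
  packet-tracer input inside tcp 10.1.1.10 12345 10.2.2.20 3389
"""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class TimeRange:
    weekdays_only: bool
    start_minute: int  # minutes since midnight, inclusive
    end_minute: int    # minutes since midnight, inclusive

    def active(self, when: datetime) -> bool:
        if self.weekdays_only and when.weekday() > 4:  # 5 = Sat, 6 = Sun
            return False
        minute_of_day = when.hour * 60 + when.minute
        return self.start_minute <= minute_of_day <= self.end_minute


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "permit" or "deny"
    port_lo: int
    port_hi: int
    time_range: Optional[TimeRange] = None

    def matches(self, dport: int, when: datetime) -> bool:
        # An inactive time-range makes the ACE not match at all; it does not
        # deny. Evaluation then continues with the next ACE.
        if self.time_range is not None and not self.time_range.active(when):
            return False
        return self.port_lo <= dport <= self.port_hi


def evaluate(acl: List[Rule], dport: int, when: datetime) -> Tuple[str, str]:
    """First-match ACL walk; returns (action, matching rule name).
    Falls through to the implicit deny if nothing matches."""
    for rule in acl:
        if rule.matches(dport, when):
            return rule.action, rule.name
    return "deny", "implicit-deny"


BUSINESS_HOURS = TimeRange(weekdays_only=True, start_minute=8 * 60, end_minute=16 * 60 + 59)

# Rule base as described in the question; rule 4's range is a constructed assumption.
ORIGINAL_ACL = [
    Rule("rule1-rdp-business-hours", "permit", 3389, 3389, BUSINESS_HOURS),
    Rule("rule2-http", "permit", 80, 80),
    Rule("rule3-https", "permit", 443, 443),
    Rule("rule4-port-range", "permit", 3000, 4000),
]

# Fix from the answer: explicit deny for 3389 placed directly after the time-ranged permit.
FIXED_ACL = [ORIGINAL_ACL[0], Rule("deny-rdp-outside-hours", "deny", 3389, 3389)] + ORIGINAL_ACL[1:]

DURING_HOURS = datetime(2012, 4, 2, 10, 10)  # Monday 10:10
AFTER_HOURS = datetime(2012, 4, 2, 17, 30)   # Monday 17:30
WEEKEND = datetime(2012, 4, 7, 10, 0)        # Saturday 10:00


if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        for when in (DURING_HOURS, AFTER_HOURS, WEEKEND):
            action, name = evaluate(acl, 3389, when)
            print(f"{label:8} {when:%a %H:%M} tcp/3389 -> {action} ({name})")
```

Running the model reproduces the packet-tracer result from the question: with the original ACL, tcp/3389 after hours is permitted by rule 4; with the deny inserted, it is dropped outside the time range while still permitted during business hours, and other ports in rule 4's range are unaffected.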
04-02-2012 10:47 AM
Thanks so much that solved the problem!
Thanks,
Jordan