
Traffic to and from the ASA Firewall

muazzamss
Level 1

How is access to / from the ASA device controlled?

 

1. What about traffic originating from the ASA? For example, syslog traffic, SNMP traps, TACACS etc. going to devices on the "inside" interface. Do we need any kind of access list, or how do we control this traffic?

2. Traffic coming to the ASA firewall itself? Ex: ICMP, SNMP etc. What if this traffic is coming from the outside interface?

1 Reply

Pranay Prasoon
Level 3

Hi,

For ssh, telnet, http and icmp, you can control traffic with commands like

ssh <network> <subnet mask> interface

telnet <network> <subnet mask> interface

http <network> <subnet mask> interface

icmp permit/deny

 

The initial three commands are for traffic coming to the ASA. ICMP can be used for both outbound and inbound traffic.

 

However, you can also use a control-plane access-list, since an interface-level access-list is only for through-the-box traffic.

 

However, the above three commands take preference over the control-plane access-list.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_rules.html

 

See "management access rules section"

 

Thanks
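
The commands from the reply above combined into one to-the-box policy, as an added example that is not part of the original posts. The interface names, the ACL name CP-OUTSIDE and all addresses are constructed placeholders.

```cisco
! Management access: only the admin subnet on the inside interface may
! open SSH or HTTPS/ASDM sessions to the ASA itself. No ssh/http/telnet
! line names the outside interface, so none is accepted there.
ssh 10.1.1.0 255.255.255.0 inside
http server enable
http 10.1.1.0 255.255.255.0 inside

! ICMP addressed to the ASA's own interfaces.
! Inside: the admin subnet may ping the firewall.
icmp permit 10.1.1.0 255.255.255.0 inside
! Outside: keep unreachables (needed for path MTU discovery), drop the rest.
icmp permit any unreachable outside
icmp deny any outside

! Control-plane ACL for other to-the-box traffic arriving on outside.
! A normal interface ACL would not see these packets because it only
! filters through-the-box traffic.
access-list CP-OUTSIDE extended deny ip 198.51.100.0 255.255.255.0 any
! Explicit final permit so the result does not depend on default handling.
access-list CP-OUTSIDE extended permit ip any any
access-group CP-OUTSIDE in interface outside control-plane

! Verification
show running-config ssh
show running-config http
show running-config icmp
show running-config access-group
show access-list CP-OUTSIDE
```

The hit counters in `show access-list CP-OUTSIDE` show whether to-the-box packets from the denied range are actually reaching the control-plane rule.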

 
