Understanding access rules

Jacob Berger
Level 2

I am trying to configure a FWSM via ASDM 6.2f.

There are previously configured interfaces and new interfaces I created.

When I add a new access rule, it gets added to all the old interfaces but not to the new ones I created.

1. What is wrong with the new interfaces I created?

2. What is the logic of automatically adding a rule to "all" interfaces? The rules are incoming rules specific to interfaces or groups, so why add the rule to "all" interfaces?


Jennifer Halim
Cisco Employee

1. With the new interfaces you created, you would also need to assign the access rule to the interface:

access-group <acl-name> in interface <interface-name>

2. Each interface should really have unique rules that correspond to that particular interface, instead of having the same rule set on all interfaces. What does your current configuration look like?

Hi Jennifer,

1. I have some 20 interfaces (VLANs). When I add a new incoming rule to an old interface (not one I created), it gets added automatically to all the old interfaces but not to the new ones.

2. My config:

I see all the interfaces with identical rules under them.

As I stated above, no matter which interface I create the rule under, it gets duplicated under the other interfaces (only the old ones).

I am new to ASDM with VLANs, so I'm not sure how things should be working.

Thanks

1. In that case, as stated in your point number 2, you have the same rule applied to all the interfaces. Hence, when you create a rule, it gets added to all interfaces.

2. Two steps to configure access rules and apply them to an interface:

Step 1: configure the access rules

Step 2: apply it to the interface (this only needs to be applied once, so if you create a new interface, you would need to apply the access rules to the new interface).

Each interface can have a different access rule name:

Example:

access-list acl-inside permit tcp any any eq 80
access-list acl-inside permit tcp any any eq 443
access-group acl-inside in interface inside

access-list acl-outside permit tcp any host 1.1.1.1 eq 80
access-group acl-outside in interface outside

Hope that answers your question.
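As an added illustration (this is not code from the thread or from Cisco), the following Python script audits a running-config excerpt for the situation discussed in this thread. It parses `nameif`, `access-list` and `access-group` lines from a constructed FWSM/ASA-style config with hypothetical interface and ACL names, then reports interfaces that have no inbound access-group bound (the symptom on newly created VLAN interfaces), ACLs bound to more than one interface (why one rule shows up under all of them in ASDM), and access-group statements that reference an ACL with no entries.

```python
"""Audit FWSM/ASA-style config: which interfaces have an inbound ACL bound?"""
import re
from collections import defaultdict

# Constructed sample running-config excerpt. Interface and ACL names are
# hypothetical and do not come from the thread.
SAMPLE_CONFIG = """\
interface Vlan10
 nameif inside
 security-level 100
!
interface Vlan20
 nameif dmz
 security-level 50
!
interface Vlan30
 nameif newvlan
 security-level 40
!
interface Vlan40
 nameif outside
 security-level 0
!
interface Vlan50
 nameif mgmt
 security-level 90
!
access-list acl-shared remark web traffic allowed on every old interface
access-list acl-shared extended permit tcp any any eq 80
access-list acl-shared extended permit tcp any any eq 443
access-list acl-outside extended permit tcp any host 1.1.1.1 eq 80
access-group acl-shared in interface inside
access-group acl-shared in interface dmz
access-group acl-outside in interface outside
access-group acl-mgmt in interface mgmt
"""

NAMEIF_RE = re.compile(r"^\s+nameif\s+(\S+)")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
ACCESS_GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)")


def parse_config(text):
    """Collect interface names, ACL entries and access-group bindings."""
    interfaces = []            # nameif values in config order
    acls = defaultdict(list)   # acl name -> list of entry bodies (remarks skipped)
    bindings = {}              # (nameif, direction) -> acl name
    for raw in text.splitlines():
        line = raw.rstrip()
        m = NAMEIF_RE.match(line)
        if m:
            interfaces.append(m.group(1))
            continue
        m = ACL_RE.match(line)
        if m:
            name, body = m.groups()
            if not body.startswith("remark"):
                acls[name].append(body)
            continue
        m = ACCESS_GROUP_RE.match(line)
        if m:
            acl, direction, nameif = m.groups()
            bindings[(nameif, direction)] = acl
    return {"interfaces": interfaces, "acls": dict(acls), "bindings": bindings}


def audit(cfg):
    """Report unbound interfaces, ACLs shared by several interfaces, and
    access-groups that reference an ACL with no entries."""
    bound_in = {nameif: acl for (nameif, d), acl in cfg["bindings"].items() if d == "in"}
    unbound = [i for i in cfg["interfaces"] if i not in bound_in]
    users = defaultdict(list)
    for nameif in cfg["interfaces"]:
        if nameif in bound_in:
            users[bound_in[nameif]].append(nameif)
    shared = {acl: ifs for acl, ifs in users.items() if len(ifs) > 1}
    undefined = sorted({acl for acl in bound_in.values() if acl not in cfg["acls"]})
    return {"unbound": unbound, "shared": shared, "undefined": undefined}


if __name__ == "__main__":
    result = audit(parse_config(SAMPLE_CONFIG))
    print("Interfaces with no inbound access-group:", result["unbound"])
    print("ACLs bound to more than one interface:", result["shared"])
    print("access-group references to ACLs with no entries:", result["undefined"])
```

Run against a real `show running-config` saved to a file, the "unbound" list is exactly the set of interfaces that still need an `access-group <acl> in interface <nameif>` line, and the "shared" map shows which ACL name ASDM is displaying under several interfaces at once.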
