01-31-2008 07:13 AM - edited 02-20-2020 09:40 PM
I'm a CLI junkie now using ASDM v5.2(3) on ASA55x0. Where are the named access-lists I'm used to working with in PIX 6.3(x) CLI? I want to continue to create my named access-lists so I and my colleagues can continue to use our standard templates for configuration tasks. I'm not interested in the ones created automatically such as "access-list in_out-back_forth-UpDown-interfaceSomeWhere0.1". These only confuse my staff when trying to complete config tasks.
01-31-2008 07:35 AM
As far as I know the names of the acl's are not displayed in Config -> Firewall -> Security Policy, but the names are displayed in the "Acl Manager". Not sure how to get to this in asdm 5, I think one way is through VPN -> Group Policy-> Client Configuration-> Split Tunnel -> Manage (ACL List)
01-31-2008 08:05 AM
Adam - yes you are correct - strange that they have to be accessed via Split Tunnel Network List, but so be it. I can now create a named ACL with our standardized names, but how do I reference it by name later when applying to some policy?
Typically one might have:
access-list AllowInbound permit icmp any interface outside echo-reply
access-list AllowInbound permit icmp any interface outside unreachable
access-list AllowInbound permit icmp any interface outside time-exceeded
!
access-group AllowInbound in interface outside
!
Thx - Phil
01-31-2008 08:11 AM
Once the acl "AllowInbound" is created you can still edit/add to it in the Config -> Firewall -> Security Policy page.
Although it is not referenced by the name "AllowInbound", you will notice that the regular security policy page references the acl's by which interface they are assigned to and which direction. Therefore in the above example, you can edit the rules under the heading "outside (# incoming rules)".
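A cross-reference for techs working from CLI templates, added here as an example and not part of the original thread: it reads a saved configuration and lists each named ACL beside the interface/direction heading described above. The sample configuration, the function names and the "outgoing" wording for outbound bindings are assumptions.

```python
import re

# Constructed sample configuration for illustration; not taken from a real device.
SAMPLE_CONFIG = """\
access-list AllowInbound remark ICMP replies to outbound pings
access-list AllowInbound extended permit icmp any interface outside echo-reply
access-list AllowInbound extended permit icmp any interface outside unreachable
access-list AllowInbound extended permit icmp any interface outside time-exceeded
access-list SplitTunnel standard permit 10.0.0.0 255.0.0.0
access-group AllowInbound in interface outside
"""

# An ACL entry line; "remark" lines are comments and are not counted as rules.
ACE = re.compile(r"^access-list\s+(\S+)\s+(?!remark\b)\S", re.I)
# The binding of a named ACL to an interface and direction.
GROUP = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", re.I)


def map_acls(config):
    """Return {acl_name: {"rules": int, "bindings": [(interface, direction)]}}."""
    acls = {}
    for raw in config.splitlines():
        line = raw.strip()
        m = ACE.match(line)
        if m:
            acls.setdefault(m.group(1), {"rules": 0, "bindings": []})["rules"] += 1
            continue
        m = GROUP.match(line)
        if m:
            name, direction, iface = m.groups()
            entry = acls.setdefault(name, {"rules": 0, "bindings": []})
            entry["bindings"].append((iface, direction.lower()))
    return acls


def report(acls):
    """One line per ACL: the CLI name next to the heading it is filed under."""
    lines = []
    for name, info in sorted(acls.items()):
        if not info["bindings"]:
            lines.append(f"{name}: not applied to any interface ({info['rules']} rules)")
        for iface, direction in info["bindings"]:
            # "incoming" follows the heading quoted in the thread; "outgoing" is assumed.
            word = "incoming" if direction == "in" else "outgoing"
            lines.append(f"{name}: {iface} ({info['rules']} {word} rules)")
    return lines
```
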
01-31-2008 08:25 AM
Adam - thx for the help. I will have to rethink the use of ASDM for initial config by our techs. We have standardized templates that they copy/paste into the CLI. The ASDM is nice, but it tends to hide too much and to me at least makes it difficult to config the device the way I need to.