Hello All
Cisco ASA 5545
ASA Version: 9.8(2)28
ASDM Version: 7.9(2)152
We are having some issues with the ASA FW access rules. We had major network issues yesterday and, to eliminate the factors, we added permit any/any for the outside interface and global to rule out the FW issue. It turned out that the ASA FW wasn’t at fault but something else was.
However, this morning when we had a look, the permit any/any rule had removed the rest of the rules from the outside interface. We realised that we were to add the any/any rule at a certain line number. The rules are still present in the ACL Manager, however not on the interface.
I started manually attaching the rules to the interface but realised that the FW is also applying the same rules to the Global interface, which is not desired. I have tried creating a new rule and copying a rule from another interface to the outside interface, but the FW applies the same rule to both the outside and global interfaces. I tried deleting a rule from Global, which also deletes it from the Outside interface, and vice versa.
Is there a way that we can move Access Rules from ACL Manager to Outside Interface?
5545X-ASA# sh resource usage
Resource          Current   Peak    Limit       Denied   Context
SSH Server        1         2       5           0        CTX-SVRS
ASDM              3         5       5           0        CTX-SVRS
Syslogs [rate]    1171      22629   unlimited   0        CTX-SVRS
Conns             25608     86188   unlimited   0        CTX-SVRS
Hosts             5832      8882    unlimited   0        CTX-SVRS
Conns [rate]      356       6018    unlimited   0        CTX-SVRS
Inspects [rate]   103       3637    unlimited   0        CTX-SVRS
Routes            25        25      unlimited   0        CTX-SVRS
Syslogs [rate]    0         72      unlimited   0        Legacy-LAN333
_______________________________________
5545X-ASA# show inventory
Name: "Chassis", DESCR: "ASA 5545-X with SW, 8 GE Data, 1 GE Mgmt"
PID: ASA5545 , VID: V05 , SN: FTX2130W1LE
Name: "power supply 0", DESCR: "ASA 5545-X/5555-X AC Power Supply"
PID: ASA-PWR-AC , VID: N/A , SN: 75N1B7
Name: "power supply 1", DESCR: "ASA 5545-X/5555-X AC Power Supply"
PID: ASA-PWR-AC , VID: N/A , SN: 3871LL
_________________________________________________________