Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
1
Replies

ASA 5505 ASA ver 9.1 Ransomware limitation

shane
Level 1
Level 1

‎11-19-2016 05:25 PM

Hello. in an attempt to stop the spread of Ransomware I am putting together a plan on how we can segregate the NAS in a second VLAN "VLAN3"

I have created the VLAN and assigned the required port to it.

I have also have 2 addresses inside that VLAN (VLAN IP and Device IP)

My Plan to limit the amount of damage ransomware damage by putting the NAS in a vlan and only allowing traffic from out Veeam server to access it. all other traffic to it should be blocked.

My Setup

IP address of the ASA is 10.0.0.1/24

IP DHCP range 10.0.0.6 - 10.0.0.60

inside VLAN1 10.0.0.0/24

outside "my public IP range" over PPPOE

VLAN3 IP Address 192.168.100.254

Device in VLAN 3 can get outside (internet access) "I Know how to stop this as I don't want it"

But all devices on my LAN can ping the NAS (and I only want one device which is in VLAN1 to access it)

so I'm guessing what I am looking for here is "allow all traffic from inside host "10.0.0.1" to host in VLAN3 and vice versa" but only these two host should be able to talk no other device can be allowed.

this is a side project to help protect our clients.."a very important side project"

I am new enough to the ASA and I would like if you could help me out with this. any information required will be given and advise is greatly appreciated, Oh CISCO community please help me with this one?

please don't assume I know lots because when it comes to the ASA5505 I am a noob. if any information is required please let me know and I will get it straight away and post back.

Kind Regards,

Shane

Labels:
0 Helpful
1 Reply 1

Simon Brooks
Level 1
Level 1

‎11-21-2016 03:23 PM

Instead of having trying to restrict access blah blah coming in on the inside and making it complicated,  just have an access list outbound on vlan3 interface that blocks evrything apart from Veeam as a source IP.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents