
shane
Beginner

ASA 5505 ASA ver 9.1 Ransomware limitation

Hello. In an attempt to stop the spread of ransomware, I am putting together a plan on how we can segregate the NAS in a second VLAN, "VLAN3".

I have created the VLAN and assigned the required port to it.

I also have 2 addresses inside that VLAN (VLAN IP and device IP).

My plan is to limit the amount of ransomware damage by putting the NAS in a VLAN and only allowing traffic from our Veeam server to access it. All other traffic to it should be blocked.

My Setup

IP address of the ASA is 10.0.0.1/24

IP DHCP range 10.0.0.6 - 10.0.0.60

inside VLAN1 10.0.0.0/24

outside "my public IP range" over PPPOE

VLAN3 IP Address 192.168.100.254

Devices in VLAN 3 can get outside (internet access). "I know how to stop this, as I don't want it."

But all devices on my LAN can ping the NAS (and I only want one device, which is in VLAN1, to access it).

So I'm guessing what I am looking for here is "allow all traffic from inside host 10.0.0.1 to the host in VLAN3 and vice versa", but only these two hosts should be able to talk; no other device can be allowed.

This is a side project to help protect our clients... "a very important side project".

I am new enough to the ASA and I would like it if you could help me out with this. Any information required will be given, and advice is greatly appreciated. Oh, Cisco community, please help me with this one?

Please don't assume I know lots, because when it comes to the ASA 5505 I am a noob. If any information is required, please let me know and I will get it straight away and post back.

Kind Regards,

Shane

1 REPLY
Simon Brooks
Beginner

Instead of trying to restrict access coming in on the inside and making it complicated, just have an access list outbound on the vlan3 interface that blocks everything apart from Veeam as a source IP.
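The suggestion above, written out as an ASA 9.1 configuration. This is an added example, not config from either poster. It assumes names and addresses the thread does not give: the VLAN3 interface is called "nas", the NAS is 192.168.100.10, and the Veeam server is 10.0.0.10. Note that the question names 10.0.0.1 as the host to allow, but that is the ASA's own inside address; the Veeam server's real address is what belongs in the VEEAM object. Because ACLs on 8.3+ match real (untranslated) addresses, no NAT rule is needed between inside and VLAN3 unless an existing rule with an "any" source interface already catches that traffic, in which case an identity NAT for VEEAM-to-NAS is required.

```cisco
! Assumed values (not from the thread): nameif "nas", NAS 192.168.100.10,
! Veeam server 10.0.0.10. VLAN3 and its switchport are already in place per
! the post; the interface block is repeated only so the names line up.
interface Vlan3
 nameif nas
 security-level 50
 ip address 192.168.100.254 255.255.255.0
!
object network VEEAM
 host 10.0.0.10
object network NAS
 host 192.168.100.10
!
! Outbound ACL on the nas interface: the only traffic allowed to leave the
! ASA toward VLAN3 is Veeam -> NAS. Every other inside host (and anything
! from outside) is dropped before it reaches the NAS. The "log" keyword makes
! blocked attempts show up in syslog, which is useful for spotting a
! compromised host scanning for the share.
access-list NAS_OUT extended permit ip object VEEAM object NAS
access-list NAS_OUT extended deny ip any any log
access-group NAS_OUT out interface nas
!
! Inbound ACL on the nas interface: the NAS may talk back to Veeam and
! nothing else. This removes the NAS's internet access and stops it from
! initiating toward the rest of VLAN1. Replies to Veeam-initiated sessions
! are stateful and pass regardless of this ACL.
access-list NAS_IN extended permit ip object NAS object VEEAM
access-list NAS_IN extended deny ip any any log
access-group NAS_IN in interface nas
!
! Verification (run from enable mode, not part of the config):
!   packet-tracer input inside tcp 10.0.0.10 40000 192.168.100.10 445
!     -> should end in "Action: allow"
!   packet-tracer input inside icmp 10.0.0.20 8 0 192.168.100.10
!     -> should end in "Action: drop" on NAS_OUT
!   show access-list NAS_OUT
!     -> hit counts on the deny line confirm other hosts are being blocked
```

Two checks before relying on this. First, if the 5505 is on the Base license, it supports three VLANs only with the restriction that one of them cannot initiate traffic to one other VLAN (configured with "no forward interface"); the ACLs above are still what enforces the policy, so confirm with packet-tracer rather than assuming the license restriction does it. Second, a backup target that the Veeam server can write to over SMB/NFS can still be encrypted by ransomware running on the Veeam server itself, so the VLAN split limits the blast radius from workstations but is not a substitute for immutable or offline copies.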