Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
1
Replies

ASA 5515-x - Access List Question

adamtodd16
Level 3
Level 3

‎06-23-2014 10:53 AM

Just inherited an ASA 5515-x and have a quick question. The default access list for  inbound traffic is set to: 

access-list outside_access_in extended permit ip any any

Well, my alarm bell immediately go off when I see this. Just want to ensure the access list will function similar to that of a cisco router. The ASA is the front facing Internet device, with AnyConnect Clients and 8 spoke sites connecting over VPN. There are no web servers behind it, just a LAN with 3 separate VLANS.

Wondering what the ACL should look like?

 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-23-2014 12:00 PM

Yikes. That's almost never the access-list one would want on an Internet-facing firewall.

If there are no addresses requiring inbound-initiated connections via the firewall then there generally doesn't need to be ANY access-list on the outside interface - the default will prevent any from establishing. Your site-site and remote access VPN will be covered by the services bound to the interface (and access-lists referenced by crypto maps etc.).

0 Helpful
Customers Also Viewed These Support Documents