01-12-2024 02:08 PM
I need to block some public addresses (19.16.0.0/16 for example) from attempting to connect to my ASA.
# already have this:
object network spam_ip_19_16
range 19.16.0.0 19.16.255.255
access-list acl_block_ip extended deny ip object spam_ip_19_16 any
# This does not appear to do anything. As it is not attached to anything, I would not expect it to work.
# Need it to work on the public interface.
# This is also already in place
access-list public_access_in extended deny ip any any log
access-group public_access_in in interface public
# additional configuration items
access-list no_access standard deny 10.0.0.0 255.0.0.0
access-list no_access standard deny 172.16.0.0 255.240.0.0
access-list acl_somenet standard permit 10.0.0.0 255.0.0.0
access-list acl_somenet standard permit 172.16.0.0 255.240.0.0
group-policy no_access internal
group-policy no_access attributes
vpn-filter value no_access
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value acl_somenet
webvpn
anyconnect....
anyconnect.....
#Then several of these...
dynamic-access-policy-record xxxxx
network-acl acl_xxxxx
Does dynamic access change the way ACLs are configured and used?
And is there a way in this configuration to block connections from the public Internet?
ASA version 9.16(4)27
01-12-2024 02:11 PM - edited 01-12-2024 02:19 PM
@debbiebeitler you can use a control-plane ACL to restrict traffic to the ASA itself.
The example below is for FTD but you use the same CLI syntax on the ASA.
https://integratingit.wordpress.com/2021/06/26/ftd-control-plane-acl/#more-10978
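As an added illustration (not from the original thread or the linked post), this is what the control-plane ACL looks like on an ASA for the case above. It reuses the poster's object spam_ip_19_16 and the interface name public; the ACL name acl_control_plane is an assumed name. The reason the existing public_access_in ACL never fires on these attempts is that an interface ACL only filters traffic passing through the ASA; connections terminated on the ASA itself (AnyConnect/SSL VPN, management) bypass it, and the control-plane keyword on access-group is what applies an ACL to that to-the-box traffic.

```cisco
! Added example, not from the thread. Deny the offending range, then explicitly
! permit everything else destined to the ASA itself (VPN clients, management).
! Without the permit line the implicit deny at the end of the ACL would also
! drop legitimate AnyConnect connections on the public interface.
access-list acl_control_plane extended deny ip object spam_ip_19_16 any log
access-list acl_control_plane extended permit ip any any
!
! The control-plane keyword applies the ACL only to traffic addressed TO the
! ASA arriving on "public"; through-traffic is still governed by public_access_in.
access-group acl_control_plane in interface public control-plane
!
! Verification: the hit counter on the deny line increments as hosts in the
! blocked range attempt to connect, and the log keyword produces a syslog
! entry for each denied attempt.
show access-list acl_control_plane
show running-config access-group
```

The dynamic-access-policy records and the vpn-filter in the question are evaluated only after a VPN session has authenticated, so they cannot stop the connection attempt itself; the control-plane ACL is evaluated before the TLS handshake reaches the VPN service.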
01-12-2024 02:19 PM
https://ccnpsecuritywannabe.blogspot.com/2021/04/cisco-asa-firewall-shun-command.html?m=1
Check the shun command, it can help you.
MHM