ASA5520 ACLs Help Needed

Unanswered Question
Feb 11th, 2007

Hello

I have to apply an ACL to secure my inside network from the traffic coming from outside. So on what interface and in what direction can I use an ACL?

Another thing is that a host is NATed with the inside interface. If I apply an ACL on this interface, what will be the ACL direction and on what interface?

Your quick response will be highly appreciated, thanks.

Jon Marshall Sun, 02/11/2007 - 23:47

Hi

If you want to secure your inside network from traffic coming from outside then you want to apply your acl on the interface that connects to the outside and you want to apply it in the inbound direction.

Could you explain the NAT setup a bit more clearly?

HTH

Jon

nacertified Mon, 02/12/2007 - 02:09

Actually we are using PAT, which means we have one public IP, and we use the syntax

"nat inside 1 192.168.10.1 255.255.255.255"

So my question is: can I apply an ACL using host 192.168.10.1 as my destination address?

Jon Marshall Mon, 02/12/2007 - 02:23

Hi

If you are applying your acl on the outside interface in an inbound direction to restrict traffic from the outside you need to use the Natted address. But this won't work if you are using PAT.

If a packet comes from the outside with the destination address of your public ip and you hide all your private addresses behind this one public address your router won't know which private host to send the traffic to.

Does this make sense?

Jon
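
Added example, not part of the thread or of any Cisco code: a simplified Python model of PAT behind one public address, illustrating the reply above that an unsolicited packet to the shared public IP has no translation entry telling the device which inside host to use. The class and function names are hypothetical, every address except 192.168.10.1 is constructed, and the per-flow table is an assumption for illustration, not the ASA's implementation.

```python
"""Simplified model of PAT (many inside hosts hidden behind one public IP)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.10"  # constructed public address (documentation range)

# (src_ip, src_port, dst_ip, dst_port)
Flow = Tuple[str, int, str, int]


@dataclass
class PatDevice:
    public_ip: str
    next_port: int = 1024
    # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    xlate: Dict[Tuple[int, str, int], Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Flow:
        """Inside host opens a connection: allocate a public port and record it."""
        public_port = self.next_port
        self.next_port += 1
        self.xlate[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[Flow]:
        """Packet arrives on the outside: forward only if a translation exists."""
        if dst_ip != self.public_ip:
            return None
        inside = self.xlate.get((dst_port, src_ip, src_port))
        if inside is None:
            return None  # no entry, so there is no inside host to deliver to
        return (src_ip, src_port, inside[0], inside[1])


def demo() -> Tuple[Flow, Optional[Flow], Optional[Flow]]:
    fw = PatDevice(PUBLIC_IP)
    # 192.168.10.1 (the host from the thread) connects out to a constructed server.
    out = fw.outbound("192.168.10.1", 51000, "198.51.100.7", 443)
    # The server's reply matches the recorded translation and is un-translated.
    reply = fw.inbound("198.51.100.7", 443, out[0], out[1])
    # A new connection from outside to the public IP matches nothing.
    unsolicited = fw.inbound("198.51.100.99", 40000, PUBLIC_IP, 80)
    return out, reply, unsolicited


if __name__ == "__main__":
    for label, result in zip(("outbound", "reply", "unsolicited"), demo()):
        print(label, result)
```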
