Cisco ASA-5520 ACL with PAT

Feb 15th, 2007


I am using PAT with my Cisco ASA5520.

I want to block the unnecessary ports by applying the ACL on the outside interface to secure my inside network. Would it be possible to use an inside private address as a source address in the ACL? If not, then what is the way to apply an ACL with PAT?

Your quick response will be highly appreciated.


vitripat Fri, 02/16/2007 - 09:39

By default, everything from outside to inside is blocked. You don't need an ACL for this. If this doesn't answer your concern, could you clarify a little bit more on this?

shomar Fri, 02/16/2007 - 12:44


It is not possible to use the private IP addresses in the ACL on the outside interface; instead, you can use the PAT address.

For example, you can apply the following on the outside ACL:

access-list test deny tcp any host x.x.x.x range y z


x.x.x.x: the PAT IP address

y z: the port range you want to block.

Hopefully this will fulfill your needs :) If not, I would appreciate it if you explain further.

