02-15-2007 10:14 PM - edited 03-11-2019 02:34 AM
Hello,
I am using PAT with my Cisco ASA5520.
I want to block the unnecessary ports by applying the ACL on the outside interface to secure my inside network. Could it be possible to use an inside private address as a source address in the ACL? If not, then what is the way to apply an ACL with PAT?
Your quick response will be highly appreciated.
Thanks
02-16-2007 09:39 AM
By default, everything from outside to inside is blocked. You don't need an ACL for this. If this doesn't answer your concern, could you clarify a little bit more on this?
02-16-2007 12:44 PM
Hi
It is not possible to use the private IP addresses in the ACL on the outside interface; instead you can use the PAT address.
For example, you can apply the following on the outside ACL:
access-list test deny tcp any host x.x.x.x range y-z
where:
x.x.x.x: the PAT IP address
y-z: the port range you want to block.
Hopefully this will fulfill your needs :) If not, I would appreciate it if you explained further.
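Following the answer above, a small audit script (an added example, not part of the original thread) that flags entries in an outside ACL whose destination is an RFC 1918 private address, since per the answer such entries should reference the PAT address instead. The ACL name `test` comes from the post; the sample addresses, including 203.0.113.10 standing in for the PAT address, are constructed, and only the `any`, `host` and address/mask forms are parsed.

```python
import ipaddress

# RFC 1918 private ranges: addresses that exist only behind the PAT boundary.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}

def take_addr(tokens, i):
    """Parse one address spec at tokens[i]; return (network or None, next index)."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # "address netmask" form
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def skip_ports(tokens, i):
    """Skip an optional port operator (eq, range, ...) and its operands."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        return i + 1 + PORT_OPS[tokens[i]]
    return i

def private_destinations(config, acl_name):
    """Return the entries of acl_name whose destination lies in private space."""
    flagged = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[1] != acl_name:
            continue
        i = 3 if t[2] == "extended" else 2   # the "extended" keyword is optional
        if t[i] not in ("permit", "deny"):
            continue                          # remark lines and the like
        _src, i = take_addr(t, i + 2)         # step over action and protocol
        i = skip_ports(t, i)                  # optional source port operator
        dst, _ = take_addr(t, i)
        if dst is not None and any(dst.subnet_of(n) for n in PRIVATE_NETS):
            flagged.append(line.strip())
    return flagged

# Constructed sample config; 203.0.113.10 stands in for the PAT address.
SAMPLE = """\
access-list test deny tcp any host 203.0.113.10 range 135 139
access-list test extended deny tcp any host 192.168.1.20 eq 445
access-list test extended deny udp any 10.1.0.0 255.255.0.0 range 137 138
access-list test remark block legacy Windows ports
access-list other deny tcp any host 10.9.9.9 eq 23
"""
for entry in private_destinations(SAMPLE, "test"):
    print("destination is a private address, not the PAT address:", entry)
```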