I had a situation where traffic needed to be blocked from one subinterface on the ASA to another. The security level was set up the same, with appropriate NAT and intra-security-level permissions. The thing was that the ACL needed to be placed signifying the source port as opposed to the destination port. When I applied the ACL to the subinterface I wanted to secure, nothing worked. I then checked ASDM and the output looked strange (no source ports were being listed).
I guess my question is: can you limit traffic by source port on an ASA using extended access-lists applied inbound to a subinterface that will scrutinize traffic?
My subinterface would be:
ip address 18.104.22.168
access-list ch permit tcp host 22.214.171.124 eq 4200 host 10.33.1.47
access-group ch in interface dmz
Will this access-list allow tcp traffic from 126.96.36.199 on port 4200 to any tcp port on 10.33.1.47 and deny all others?
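As an added example (not part of the original post and not Cisco code), here is a small Python matcher for the ACE grammar used above. It applies the ASA extended-ACL rule that a port operator written directly after the source address constrains the source port, while one after the destination address constrains the destination port, and it models the implicit deny at the end of the list. The sample flows are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional, List

@dataclass
class Ace:
    action: str
    proto: str
    src: str
    src_port: Optional[int]   # 'eq N' placed after the source host
    dst: str
    dst_port: Optional[int]   # 'eq N' placed after the destination host

# Grammar covered (hypothetical subset of ASA syntax, for this post only):
#   access-list NAME [extended] permit|deny tcp|udp|ip host A [eq P] host B [eq P]
_ACE_RE = re.compile(
    r"access-list\s+\S+\s+(?:extended\s+)?(permit|deny)\s+(tcp|udp|ip)\s+"
    r"host\s+(\S+)(?:\s+eq\s+(\d+))?\s+host\s+(\S+)(?:\s+eq\s+(\d+))?\s*$"
)

def parse_ace(line: str) -> Ace:
    """Parse one ACE; the position of 'eq' decides which port it applies to."""
    m = _ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE syntax: {line!r}")
    act, proto, src, sp, dst, dp = m.groups()
    return Ace(act, proto, src, int(sp) if sp else None, dst, int(dp) if dp else None)

def evaluate(acl: List[Ace], proto: str, src: str, sport: int, dst: str, dport: int) -> str:
    """First matching ACE wins; no match falls through to the ASA's implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ace.src != src or ace.dst != dst:
            continue
        if ace.src_port is not None and ace.src_port != sport:
            continue
        if ace.dst_port is not None and ace.dst_port != dport:
            continue
        return ace.action
    return "deny"  # implicit deny at the end of every ASA ACL

# The ACE from the post: 'eq 4200' follows the SOURCE host, so it is a source-port match.
ACL = [parse_ace("access-list ch permit tcp host 22.214.171.124 eq 4200 host 10.33.1.47")]

if __name__ == "__main__":
    # Constructed flows: source port 4200 to any destination port is permitted,
    # any other source port (even to destination port 4200) hits the implicit deny.
    print(evaluate(ACL, "tcp", "22.214.171.124", 4200, "10.33.1.47", 80))
    print(evaluate(ACL, "tcp", "22.214.171.124", 5000, "10.33.1.47", 4200))
```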