10-11-2007 04:43 AM - edited 03-11-2019 04:23 AM
All,
I had a situation where traffic needed to be blocked from one subinterface on the ASA to another, Security-level was setup the same with appropriate NAT and intra security level permissions. The thing was that the ACL needed to be placed signifying source port as opposed to destination port. When i applied the ACL to the subinterface i wanted to secure, nothing worked. I then checked ASDM and the output looked strange (no source ports were being listed).
I guess my question is can you limit traffic by source ports on an ASA using extended access-lists inbound to a subinterface that will scrutinize traffic
For instance,
My subif would be
int f0/0.5
ip address 150.100.10.1
nameif dmz
access-list ch permit tcp host 150.100.10.42 eq 4200 host 10.33.1.47
access-group ch in interface dmz
Will this access-list allow tcp traffic from 150.100.10.42 on port 4200 to any tcp port on 10.33.1.47 and deny all others?
10-11-2007 05:11 AM
Yes, it should.
10-11-2007 05:13 AM
Thank you for the response, much appreciated.
As a followup does ASDM not like to display source ports when viewing the ACL in ASDM utility?
Regards
10-11-2007 05:18 AM
Where exactly in the ASDM are you referring to? There doesn't seem to be a column for source port on the config -> security policy page, only destination port.
10-11-2007 05:46 AM
thats exactly where i was looking, just thought it was strange.. thank you for your responses and their prompt nature
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: