10-12-2007 06:19 AM - edited 03-11-2019 04:24 AM
I am in the middle of a Checkpoint to ASA conversion and so far it's gone pretty well.
My current problem, though, is that Checkpoint allowed me to create an ACL in which I could specify that a group I created called RFC_1918_Group would not be allowed coming in my outside int, but everything else would be allowed.
Any way to do this in the ASA without creating a permit statement along with a deny statement?
Attached is what the rule looks like in Checkpoint.
Thanks in advance! This could cut down my rule base by a few lines.
10-12-2007 12:43 PM
There is no predefined RFC1918 grouping in the ASA.
10-13-2007 08:24 AM
There is NO RFC1918 in checkpoint either.
The user has to create that.
What he is asking will require two separate lines of groups to do the trick. The first line in the ACL should block RFC1918 addresses while the second ACL line permits from Any.
PIX ACL is dumb; it is not as smart as Checkpoint policy.
10-15-2007 04:57 AM
Thank you Kevin. That is what I thought but was hoping the ASA was smarter than that.
Two ACLs it is then.
Thanks again.
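The two-line approach described in this thread, written out as ASA configuration. This is an added example, not configuration posted by any participant; the ACL name OUTSIDE_IN is an assumption, while the group name RFC_1918_Group and the interface name outside follow the original question.

```cisco
! Added example. OUTSIDE_IN is an assumed ACL name.
! User-defined group holding the three RFC 1918 private ranges
object-group network RFC_1918_Group
 description RFC 1918 private address space
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! Line 1: drop anything arriving on the outside interface with a private source
access-list OUTSIDE_IN extended deny ip object-group RFC_1918_Group any
! Line 2: the "permit from Any" rule from the thread; in a production rule base
! this line is usually narrowed to the published services instead of ip any any
access-list OUTSIDE_IN extended permit ip any any
!
! Bind the ACL to inbound traffic on the outside interface
access-group OUTSIDE_IN in interface outside
```

ASA evaluates access-list entries top-down and stops at the first match, so the deny line has to sit above the permit line; `show access-list OUTSIDE_IN` displays per-line hit counts for checking that spoofed private sources are matching the first entry.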