01-02-2008 12:01 AM - edited 03-12-2019 05:56 PM
I have an ASA 5505 Security Plus appliance.
The problem that I am having is denying incoming access to a host inside my network.
Below is my current access list.
access-list inbound extended permit tcp any host Exchange01_Outside eq smtp
access-list inbound remark webmail requests for exchange01
access-list inbound extended permit tcp any host Exchange01_Outside eq www
access-list inbound remark Permitting PPTP Connections Through the ASA
access-list inbound extended permit gre any host DC01_Outside
access-list inbound extended permit tcp any host DC01_Outside eq pptp
access-list inbound extended permit tcp any host DC01_Outside eq 3389
access-list inbound extended permit tcp any host Web001_Outside eq www
access-list inbound remark http requests for Web001
access-list inbound extended permit tcp any host Web001_Inside eq www
access-list inbound extended permit icmp any any
access-list Client_Access_splitTunnelAcl standard permit any
access-list inside/LAN_nat0_outbound extended permit ip any 10.1.2.0 255.255.255.0
access-list inside/LAN_access_in extended permit ip any any
access-list inside/LAN_access_in extended permit icmp any 10.1.0.0 255.255.0.0
access-list Client_Access_splitTunnel extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list jasztech_users_splitTunnelAcl standard permit any
01-08-2008 09:24 AM
By default, all incoming connections to the inside network are denied by the ASA, unless an access list on the interface allows them. The following link may help you:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/traffic.html
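The point made in the reply above, that a flow is denied unless an entry in the interface access list permits it, modelled as first-match evaluation over the `inbound` list from the question. This is an added example, not part of the original thread and not Cisco code. It assumes `inbound` is the list applied to outside traffic, treats object names as opaque strings, and uses constructed test flows.

```python
# Added example: first-match evaluation of the "inbound" ACL with the implicit
# deny at the end. ACL lines are copied from the question; flows are constructed.
PORTS = {"smtp": 25, "www": 80, "pptp": 1723}  # ASA port keywords used below

ACL_TEXT = """\
access-list inbound extended permit tcp any host Exchange01_Outside eq smtp
access-list inbound remark webmail requests for exchange01
access-list inbound extended permit tcp any host Exchange01_Outside eq www
access-list inbound remark Permitting PPTP Connections Through the ASA
access-list inbound extended permit gre any host DC01_Outside
access-list inbound extended permit tcp any host DC01_Outside eq pptp
access-list inbound extended permit tcp any host DC01_Outside eq 3389
access-list inbound extended permit tcp any host Web001_Outside eq www
access-list inbound remark http requests for Web001
access-list inbound extended permit tcp any host Web001_Inside eq www
access-list inbound extended permit icmp any any
"""

def take_addr(tok):
    """Consume one address spec: 'any', 'host NAME', or 'ADDR MASK'."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return (tok[0], tok[1]), tok[2:]

def parse(text, name):
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[:3] != ["access-list", name, "extended"]:
            continue  # remarks, standard ACLs and other ACL names are skipped
        action, proto, rest = t[3], t[4], t[5:]
        src, rest = take_addr(rest)
        dst, rest = take_addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def decide(rules, proto, dst, port=None):
    """Verdict for a flow from an arbitrary outside source to a named host."""
    for action, r_proto, src, r_dst, r_port in rules:
        if (src == "any" and r_proto in ("ip", proto)
                and r_dst in ("any", dst) and r_port in (None, port)):
            return action  # first matching entry wins
    return "deny"  # implicit deny closes every ACL

RULES = parse(ACL_TEXT, "inbound")
```

Querying `decide(RULES, "tcp", "DC01_Outside", 3389)` returns `permit` for any source, while a port with no entry, such as 445, falls through to the implicit deny.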
01-08-2008 10:54 AM
Thanks for following up with me. I'll check out the link you provided and follow up with you with my findings.
Thanks Again,