Access List Firewall ASA5505

Unanswered Question
Jul 26th, 2008

Hi Experts,

I have a question about access lists.

Information:

Firewall with three VLANs.

1 INSIDE

2 OUTSIDE

3 BACKUP

Is it possible to only make an ACL from inside to the backup segment? At this moment I have a server in inside with SMTP to any. But I want to make a deny rule for this server from inside to the backup VLAN for SMTP.

Is this possible? If somebody knows the answer, can you please send me the cmdlets.

Thanks a lot!

Bart.

supportvoiceit Sun, 07/27/2008 - 01:58

There is so much information on that website that I cannot find the information I need.

I want the following:

ACL from INSIDE server to OUTSIDE any permit SMTP (public IP address).

And when the outside is down (ISP failover):

ACL from INSIDE to BACKUP deny SMTP to the smarthost of the first ISP

ACL from INSIDE to BACKUP permit SMTP any

Is this possible?

At this moment I cannot select a network, for example BACKUP, and then deny a specified IP.

I hope somebody can help me or has experience with this.

Marwan ALshawi Sun, 07/27/2008 - 02:08

It sounds not hard,

but I couldn't understand your requirements.

Could you send a bit clearer details about your requirements to let me help you.

Thank you.

supportvoiceit Sun, 07/27/2008 - 02:20

OK,

Is it possible to make an access-list only for permitting or denying traffic that is incoming on a specific interface?

I have an inside VLAN that needs SMTP permitted when it is routing to the outside interface.

When the outside interface is down, the Cisco firewall automatically routes to the backup interface.

Now I want an access-list that denies SMTP traffic from inside to the backup interface.

I think this is possible with outbound access-listing?

Marwan ALshawi Sun, 07/27/2008 - 02:31

Sure you can.

If your traffic is going to a known/specified subnet or network, you can use an outbound ACL in the IN direction on your inside interface.

But if you don't know, I mean the destination in your ACL is any,

then make a deny statement in an ACL that denies whatever traffic you want

and apply it in the outbound direction on the backup interface:

access-list 100 deny tcp host 1.1.1.1 any eq smtp
access-list 100 permit ip any any
access-group 100 out interface backup

Good luck.

Please rate if helpful.
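A fuller ASA configuration along the lines of this answer, combined with the failover requirement from the earlier post. This is an added example and was not posted in the thread; the interface names, the addresses (RFC 5737 documentation ranges), the mail server and smarthost IPs, and the SLA route-tracking values are all assumptions.

```cisco
! Added example, not from the thread. All addresses are placeholders.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Vlan3
 nameif backup
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
! Assumed mail server 192.168.1.10 and primary ISP smarthost 203.0.113.25.
! The ACL is applied in the OUT direction on the backup interface, so it is
! only evaluated for traffic that actually leaves the ASA via backup, i.e.
! after the default route has fallen back to the second ISP. The deny line
! must come before the permit, because the ASA stops at the first match.
access-list BACKUP_OUT remark no SMTP to primary ISP smarthost via backup ISP
access-list BACKUP_OUT extended deny tcp host 192.168.1.10 host 203.0.113.25 eq smtp
access-list BACKUP_OUT remark other SMTP from the mail server may use the backup path
access-list BACKUP_OUT extended permit tcp host 192.168.1.10 any eq smtp
access-list BACKUP_OUT extended permit ip any any
access-group BACKUP_OUT out interface backup
!
! Assumed failover mechanism: track the primary ISP gateway with an SLA probe
! and install the backup default route only when the primary is unreachable.
sla monitor 10
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 frequency 10
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
```

Check the result with `show access-list BACKUP_OUT` (hit counts on the deny line) and `show route` after pulling the outside link.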
