Access List Firewall ASA5505

supportvoiceit
Level 1

Hi Experts,

I have a question about access-listing.

Information:

Firewall with three VLANs:

1 INSIDE
2 OUTSIDE
3 BACKUP

Is it possible to only make an ACL from inside to the backup segment? At this moment I have a server in inside with SMTP any. But I want to make a deny rule for this server from inside to the backup VLAN for SMTP.

Is this possible? If somebody knows the answer, can you please send me the cmdlets.

Thanks a lot!

Bart.

5 Replies

andrew.prince
Level 10

Bart,

Yes, it's possible - it is just basic source and destination access-list commands.

The URL below is full of information that will help you:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

HTH

There is so much information on that website that I cannot find the information I need.

I want the following:

ACL from INSIDE server to OUTSIDE any permit SMTP (public IP address).

And when the outside is down (ISP failover):

ACL from INSIDE to BACKUP deny SMTP smarthost ISP (first one)

ACL from INSIDE to BACKUP permit SMTP any

Is this possible?

At this moment I cannot select a network, for example BACKUP, and then deny a specified IP.

I hope somebody can help me or has experience with this.

It sounds not hard,

but I couldn't understand your requirements.

Could you send a bit more clear details about your requirements to let me help you?

Thank you

Okay,

Is it possible to make an access-list only to permit or deny traffic that is incoming on a specific interface?

I have an inside VLAN that needs SMTP permitted when it is routing to the outside interface.

When the outside interface is down, the Cisco firewall does automatic routing to the backup interface.

Now I want an access-list that denies SMTP traffic from inside to the backup interface.

I think this is possible with outbound access-listing?

Sure you can.

If your traffic is going to a known/specified subnet or network, you can use an outbound ACL in the IN direction on your inside interface.

But if you don't know, I mean the destination in your ACL is any,

then make a deny statement in an ACL that denies whatever traffic you want

and apply it in the outbound direction on the backup interface:

access-list 100 deny tcp host 1.1.1.1 any eq smtp
access-list 100 permit ip any any
access-group 100 out interface backup

Good luck.

Please rate if helpful.
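To make the behaviour of the configuration in the last reply concrete (and the ordering question behind Bart's second variant, deny to the ISP smarthost but permit other SMTP), here is an added example that is not part of the thread: a small Python model of first-match ACL evaluation with an outbound binding on the egress interface. It is a toy model written for this page, not ASA code. The mail server 1.1.1.1 and ACL number 100 come from the reply above; the interface names follow the thread; the addresses 203.0.113.25 (an outside mail server), 192.0.2.10 (the ISP smarthost), 10.0.0.9 (another inside host) and ACL number 101 are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Port names the ASA CLI accepts in "eq <name>"; only the few used here.
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}


@dataclass(frozen=True)
class Ace:
    """One access-list entry (ACE)."""
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches any protocol; otherwise "tcp"/"udp"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]        # None = any destination port


@dataclass(frozen=True)
class Flow:
    """A constructed packet, as seen after the routing decision."""
    proto: str
    src: str
    dst: str
    dport: int
    egress_if: str              # nameif of the interface the packet leaves through


def _parse_addr(tok: List[str]) -> Tuple[IPv4Network, List[str]]:
    """Consume 'any', 'host A.B.C.D' or 'NET MASK' from the token list."""
    if tok[0] == "any":
        return ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ip_network(tok[1] + "/32"), tok[2:]
    return ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]


def parse_ace(line: str) -> Ace:
    """Parse 'access-list NAME {permit|deny} PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, rest = _parse_addr(rest)
    dst, rest = _parse_addr(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return Ace(action, proto, src, dst, dport)


def ace_matches(ace: Ace, flow: Flow) -> bool:
    if ace.proto != "ip" and ace.proto != flow.proto:
        return False
    if ip_address(flow.src) not in ace.src or ip_address(flow.dst) not in ace.dst:
        return False
    return ace.dport is None or ace.dport == flow.dport


def evaluate(acl: List[Ace], flow: Flow) -> str:
    """First matching ACE wins; if nothing matches, the ACL's implicit deny applies."""
    for ace in acl:
        if ace_matches(ace, flow):
            return ace.action
    return "deny"


def decide(bindings: Dict[Tuple[str, str], List[Ace]], flow: Flow) -> str:
    """Consult only the ACL bound 'out' on the egress interface (access-group ... out).
    An interface with no outbound ACL bound passes the flow; the implicit deny belongs
    to an ACL, not to an unbound interface."""
    acl = bindings.get((flow.egress_if, "out"))
    return "permit" if acl is None else evaluate(acl, flow)


def thread_scenario() -> Dict[str, str]:
    """The two-line ACL from the reply, bound outbound on 'backup', run over constructed flows."""
    acl_100 = [parse_ace(line) for line in (
        "access-list 100 deny tcp host 1.1.1.1 any eq smtp",
        "access-list 100 permit ip any any",
    )]
    bindings = {("backup", "out"): acl_100}      # access-group 100 out interface backup
    mx = "203.0.113.25"                           # constructed outside mail server
    return {
        "smtp_via_outside": decide(bindings, Flow("tcp", "1.1.1.1", mx, 25, "outside")),
        "smtp_via_backup": decide(bindings, Flow("tcp", "1.1.1.1", mx, 25, "backup")),
        "https_via_backup": decide(bindings, Flow("tcp", "1.1.1.1", mx, 443, "backup")),
        "other_host_smtp_via_backup": decide(bindings, Flow("tcp", "10.0.0.9", mx, 25, "backup")),
    }


def ordering_matters() -> Tuple[str, str]:
    """Bart's variant: deny SMTP to the ISP smarthost (192.0.2.10, constructed), permit other SMTP.
    Returns the verdict for SMTP to the smarthost with the deny first, then with the lines swapped."""
    deny = "access-list 101 deny tcp host 1.1.1.1 host 192.0.2.10 eq smtp"
    permit = "access-list 101 permit tcp host 1.1.1.1 any eq smtp"
    flow = Flow("tcp", "1.1.1.1", "192.0.2.10", 25, "backup")
    correct = evaluate([parse_ace(deny), parse_ace(permit)], flow)
    shadowed = evaluate([parse_ace(permit), parse_ace(deny)], flow)  # deny never reached
    return correct, shadowed
```

Running `thread_scenario()` gives `permit` for SMTP leaving via outside (nothing is bound there), `deny` for the same SMTP once failover routes it out of backup, and `permit` for HTTPS from the server and for SMTP from another host via backup, which is what the trailing `permit ip any any` is for: without it the ACL's implicit deny would drop all other traffic leaving backup. `ordering_matters()` returns `("deny", "permit")`, showing that the specific deny has to precede the broader permit. The model deliberately looks only at the outbound binding on the egress interface; on a real ASA, an ACL bound inbound on inside would be evaluated as well, so a check of the whole path has to consider both.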
