please give example of security rule in ASA 5520

Unanswered Question
Nov 1st, 2008

is the security rule in asa 5520 follow the same style with the acl in cisco 3000 and 4000 series switch where always acl is having implicit deny(so after any deny of any type we have to put permit ip any any)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sat, 11/01/2008 - 12:22

Yes there is an implicit deny ip any any at the end of an acl on the ASA.


The major difference between ASA/Pix acls and router acls is that the pix and asa use normal subnet masks whereas a router uses inverse masks so the router acl


access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255


would translate to


access-list outside_in permit ip 192,168.5.0 255.255.255.0 172.16.5.0 255.255.255.0


Jon

kb.choudhury Sun, 11/02/2008 - 08:02

many many thanks for your reply. we are connecting client from inside zone (high security) to out side zone server(low security)by 3rd party (different vendor)ipsec in transport mode by routed mode ASA 5520. how can the client be connected to server by the same ipsec in transport mode by NAT in ASA 5520 if everything is allowed in the security rule? please keep in mind that the ipsec transport is between client and server.

Actions

This Discussion