please give example of security rule in ASA 5520

Unanswered Question
Nov 1st, 2008
User Badges:

is the security rule in asa 5520 follow the same style with the acl in cisco 3000 and 4000 series switch where always acl is having implicit deny(so after any deny of any type we have to put permit ip any any)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Sat, 11/01/2008 - 12:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Yes there is an implicit deny ip any any at the end of an acl on the ASA.

The major difference between ASA/Pix acls and router acls is that the pix and asa use normal subnet masks whereas a router uses inverse masks so the router acl

access-list 101 permit ip

would translate to

access-list outside_in permit ip 192,168.5.0


kb.choudhury Sun, 11/02/2008 - 08:02
User Badges:

many many thanks for your reply. we are connecting client from inside zone (high security) to out side zone server(low security)by 3rd party (different vendor)ipsec in transport mode by routed mode ASA 5520. how can the client be connected to server by the same ipsec in transport mode by NAT in ASA 5520 if everything is allowed in the security rule? please keep in mind that the ipsec transport is between client and server.


This Discussion