ASA: How to block specific IP addrs from Inside->Outside

Unanswered Question
Jul 13th, 2009

(ASA5520 v8.0(4)23)

Need a strategy recommendation on the best way to block access to specific (public) IP addresses from access by Inside hosts. Presently we have no access list rules for Inside>Outside, unlike our DMZ where these permissions are very granular.

What's the best way to do this without having to create a long list of rules to define Inside->Outside traffic?

srue Mon, 07/13/2009 - 10:37

If you know which outside hosts need to be blocked from inside hosts, you can either create the ACL ingress on the inside interface, or egress on the outside interface.

This would be a good place to use object-groups.
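
The ingress-on-inside option from the reply above, as an added configuration example that is not part of the original thread. The object-group name, ACL name and addresses (documentation ranges) are constructed, and the interface name `inside` is an assumption about the nameif in use.

```cisco
! Constructed example: group the public addresses to be blocked.
! Adding or removing a destination later only touches this group.
object-group network BLOCKED_OUTSIDE_HOSTS
 network-object host 192.0.2.10
 network-object host 192.0.2.25
 network-object 198.51.100.0 255.255.255.0
!
! Deny traffic from any inside host to the grouped destinations.
access-list INSIDE_IN extended deny ip any object-group BLOCKED_OUTSIDE_HOSTS
!
! Once an ACL is bound to the inside interface, the default
! "higher security level to lower is allowed" behaviour no longer
! applies and the ACL ends in an implicit deny. This explicit permit
! keeps all other Inside->Outside traffic working as before.
access-list INSIDE_IN extended permit ip any any
!
! Apply the ACL inbound on the inside interface.
access-group INSIDE_IN in interface inside
```

This keeps the rule set to two ACL lines however many addresses are blocked; `show access-list INSIDE_IN` shows hit counts on the deny entries.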

