ASA Configuration help Required

Unanswered Question
Nov 23rd, 2009

Hi,


Need help in configuring the ASA firewall. We have an ASA firewall in which one interface is the WAN link, one is the production link and the other is the connectivity to the corporate location.


My production servers will be sitting behind the production interface.

Any server which will communicate from corporation link will pass through the corporation interface and then through Production interface.

Any traffic from WAN link will pass through WAN interface and then through Production interface.



Now my doubt is that on the production interface, rules are not bound to incoming or outgoing, i.e. when I create a rule on the production incoming interface, it gets replicated to the production outgoing interface. How should I configure it so that I can create separate rules on production incoming and production outgoing?


In the current scenario, when traffic comes from the WAN, a rule has to be configured on the production interface as well, and for traffic from the corporate office I also need to configure a rule on the production interface. And all the rules are replicating on incoming as well as outgoing.


Please let me know how best I can configure the firewall so that I can be clear in the creation of rules. I hope my question is understandable.


Thanks in Advance.

Krishna.

Jon Marshall Mon, 11/23/2009 - 06:51
Krishna


If you want to control inbound and outbound traffic on the same interface, i.e. in your case the production interface, then you can use 2 access-lists: one for inbound traffic, i.e. traffic from the production network to somewhere else, and one for outbound traffic, i.e. traffic from somewhere else to the production network.


Each interface on an ASA supports 2 access-lists, one in each direction. You specify the direction when you bind the ACL to the interface, e.g.


access-group prod_in in interface production

access-group prod_out out interface production


where prod_in and prod_out are the names of the access-lists and the interface is called production.


Jon
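
A fuller sketch of the two-ACL layout described in the reply above, added here as an illustration and not part of the original thread. The addresses (production servers in 198.51.100.0/24, corporate in 192.0.2.0/24), the permitted services and the absence of NAT are constructed assumptions; only the names prod_in, prod_out and production come from the thread.

```cisco
! Constructed example addresses:
!   production servers  198.51.100.0/24
!   corporate network   192.0.2.0/24

! prod_in: connections initiated BY the production servers.
! These packets enter the ASA on the production interface.
access-list prod_in extended permit udp 198.51.100.0 255.255.255.0 host 192.0.2.53 eq domain
access-list prod_in extended permit tcp 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0 eq 1433
access-list prod_in extended deny ip any any log

! prod_out: connections initiated TOWARD the production servers.
! These packets leave the ASA through the production interface,
! whether they arrived on the WAN or the corporate interface.
access-list prod_out extended permit tcp any host 198.51.100.10 eq https
access-list prod_out extended permit tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq ssh
access-list prod_out extended deny ip any any log

! Bind each ACL to the same interface, one per direction.
access-group prod_in in interface production
access-group prod_out out interface production

! Confirm which ACL is bound in which direction, then watch hit counts.
show running-config access-group
show access-list prod_in
show access-list prod_out
```

Because the ASA is stateful, replies to a connection permitted in one direction do not need a matching entry in the other ACL. Traffic arriving from the WAN must still be permitted by whatever inbound ACL is applied on the WAN interface; prod_out is a second check applied as the packet leaves toward production.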
