Can the PIX/ASA 8.0(4) issue rejects?

Unanswered Question
Mar 3rd, 2010

I have gone through all the docs but cannot find any mention on how to set up a "reject" instead of the regular "deny" in an access rule. I have some legacy Checkpoint Firewalls and want to migrate them over to some of my ASAs. Some rules on the Checkpoint specifically state "reject" (for NetBIOS stuff etc.). Is this possible on the ASA?

How do you "reject" certain traffic, while still doing a "deny" and a "permit" on other traffic?



Panos Kampanakis Wed, 03/03/2010 - 08:13

It depends on what you mean by reject. If you mean sending a Reset, then you can enable it globally with "service resetinbound" and "service resetoutbound" for packets denied by ACLs.

I hope it helps.


joerggrau Wed, 03/03/2010 - 08:47

So it is a global setting? So I need to decide if I want a reset sent for every deny or none at all?

Panos Kampanakis Wed, 03/03/2010 - 09:04

Unfortunately you cannot do it on a per rule basis.

For protocols that the ASA can inspect, like http etc., you can send resets based on matched criteria, and that is done using class maps and policy maps. Not sure what your protocols are, so I am not sure.
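The two options Panos describes, side by side, as an added configuration example that is not part of the original thread: a plain ACL deny (silent drop), the global "service reset" commands that turn every ACL deny into a TCP RST, and an HTTP inspection policy whose "reset" action applies only to the matched class. Interface name, ACL name, class/policy names and the 192.0.2.10 host are assumptions for illustration.

```cisco
! Added example, not from the thread. Names and addresses below are constructed.

! 1. Regular access rule. On the ASA a "deny" is silent by default:
!    the packet is dropped and the sender gets no RST or ICMP unreachable.
access-list OUTSIDE_IN extended deny tcp any any eq 139
access-list OUTSIDE_IN extended deny tcp any any eq 445
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside

! 2. Global "reject" behaviour. With these two commands the ASA answers
!    ACL-denied TCP connections with a RST instead of dropping silently.
!    There is no per-rule form: it is all ACL denies or none, as the
!    thread says. Caveat for defenders: a RST tells the peer that a device
!    is actively filtering, whereas a silent drop does not.
service resetinbound
service resetoutbound

! 3. Per-match reset for an inspected protocol. The "reset" action in an
!    HTTP inspection policy-map sends a RST only for connections that hit
!    the matching class, leaving all other HTTP traffic and all ACL
!    denies unaffected.
class-map type inspect http match-all HTTP_CONNECT_METHOD
 match request method connect
policy-map type inspect http HTTP_RESET_POLICY
 parameters
 class HTTP_CONNECT_METHOD
  reset
  log
policy-map global_policy
 class inspection_default
  inspect http HTTP_RESET_POLICY
service-policy global_policy global
```

Section 3 only works for protocols the ASA can inspect; for NetBIOS-style ports that have no inspection engine, only the global setting in section 2 is available.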


