
Can the PIX/ASA 8.0(4) issue rejects?

joerggrau
Level 1

I have gone through all the docs but cannot find any mention of how to set up a "reject" instead of the regular "deny" in an access rule. I have some legacy Checkpoint Firewalls and want to migrate them over to some of my ASAs. Some rules on the Checkpoint specifically state "reject" (for NetBIOS stuff etc.). Is this possible on the ASA?

How do you "reject" certain traffic, while still doing a "deny" and a "permit" on other traffic?

Thanks

Joerg

3 Replies

Panos Kampanakis
Cisco Employee

It depends on what you mean by reject. If you mean sending a Reset, then you can enable it globally with "service resetinbound" and "service resetoutbound" for packets denied by ACLs.

I hope it helps.

PK

So it is a global setting? So I need to decide if I want a reset sent for every deny or none at all?

Unfortunately you cannot do it on a per rule basis.

For protocols that the ASA can inspect, like HTTP etc., you can send resets based on matched criteria, and that is done using class maps and policy maps. I do not know what your protocols are, so I am not sure.

PK
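
The two approaches mentioned in the replies above, written out as an ASA configuration sketch. This is an added example, not part of the original posts; the interface name, regex, and class-map/policy-map names are hypothetical, and it assumes the default `global_policy` with its `inspection_default` class is still in place.

```cisco
! Constructed example for ASA 8.0(x). All names below are placeholders.

! 1) TCP resets for connections denied by an ACL.
!    These commands only affect TCP; other denied traffic is still
!    dropped silently.
service resetinbound
service resetoutbound
!    The commands also accept an interface keyword, which narrows the
!    behaviour to one interface instead of the whole box (still not per rule):
! service resetinbound interface inside
! service resetoutbound interface inside

! 2) Reset on matched criteria for an inspected protocol (HTTP shown).
!    Only requests matching the class are reset; everything else
!    follows the normal permit/deny ACLs.
regex BLOCKED_URI "/legacy-app/"
!
class-map type inspect http match-all HTTP_BLOCKED
 match request uri regex BLOCKED_URI
!
policy-map type inspect http HTTP_RESET_POLICY
 class HTTP_BLOCKED
  reset log
!
policy-map global_policy
 class inspection_default
  inspect http HTTP_RESET_POLICY
```

After applying, `show service-policy inspect http` shows whether the inspection class is matching traffic and issuing resets.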
