how can i creat a VACLs on the firewall to prevent specific vlan?

Answered Question
May 31st, 2010

dear experts,

hello,

how can i creat a VLAN Acess control list on the asa firewall to control the traffic that goes from vlan to another vlan through the asa firewall?

thanks for your urgent response

makar

I have this problem too.
0 votes
Correct Answer by Federico Coto F... about 6 years 7 months ago

Yes.

You can definitely control traffic coming from one interface of the ASA going out to another interface.

You do this with ACLs, i.e

access-list inside deny ip any host x.x.x.x

access-list inside permit ip any any

access-group inside in interface inside

The above configuration will deny IP traffic from any source to destination host x.x.x.x and will allow everything else.

It is applied inbound on the inside interface.

You can change IP to be TCP/UDP or other protocol and be specific about the ports that you want to filter.

Every ACL should be applied to an interface in the correct direction (in,out) and everything not specified in the ACL is denied.

Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
labibmakar Mon, 05/31/2010 - 06:35

thanks for your reply

ok, but when i segregated my network to vlans in a multilayer switching and connect these switches to the firewalls,

can i creat ACLs to control the traffic that came from a specific subnet to another subnet or even the internet?

thanks

makar

Correct Answer
Federico Coto F... Mon, 05/31/2010 - 06:40

Yes.

You can definitely control traffic coming from one interface of the ASA going out to another interface.

You do this with ACLs, i.e

access-list inside deny ip any host x.x.x.x

access-list inside permit ip any any

access-group inside in interface inside

The above configuration will deny IP traffic from any source to destination host x.x.x.x and will allow everything else.

It is applied inbound on the inside interface.

You can change IP to be TCP/UDP or other protocol and be specific about the ports that you want to filter.

Every ACL should be applied to an interface in the correct direction (in,out) and everything not specified in the ACL is denied.

Federico.

Actions

This Discussion