Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
3
Replies

how can i creat a VACLs on the firewall to prevent specific vlan?

Go to solution
hanyawad
Level 1
Level 1

‎05-31-2010 06:24 AM - edited ‎03-11-2019 10:52 AM

dear experts,

hello,

how can i creat a VLAN Acess control list on the asa firewall to control the traffic that goes from vlan to another vlan through the asa firewall?

thanks for your urgent response

makar

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to hanyawad

‎05-31-2010 06:40 AM

Yes.

You can definitely control traffic coming from one interface of the ASA going out to another interface.

You do this with ACLs, i.e

access-list inside deny ip any host x.x.x.x

access-list inside permit ip any any

access-group inside in interface inside

The above configuration will deny IP traffic from any source to destination host x.x.x.x and will allow everything else.

It is applied inbound on the inside interface.

You can change IP to be TCP/UDP or other protocol and be specific about the ports that you want to filter.

Every ACL should be applied to an interface in the correct direction (in,out) and everything not specified in the ACL is denied.

Federico.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-31-2010 06:28 AM

Hi,

You cannot create VACLs on the ASA (i believe only on the 6500s)

But, if you're referrering to ACLs to restrict traffic from one IP subnet to another, then yes you can create them on the ASA.

Here's what you do:

access-list interface1

Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/acl_overview.html

Federico.

0 Helpful

Go to solution
hanyawad
Level 1
Level 1
In response to Federico Coto Fajardo

‎05-31-2010 06:35 AM

thanks for your reply

ok, but when i segregated my network to vlans in a multilayer switching and connect these switches to the firewalls,

can i creat ACLs to control the traffic that came from a specific subnet to another subnet or even the internet?

thanks

makar

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to hanyawad

‎05-31-2010 06:40 AM

Yes.

You can definitely control traffic coming from one interface of the ASA going out to another interface.

You do this with ACLs, i.e

access-list inside deny ip any host x.x.x.x

access-list inside permit ip any any

access-group inside in interface inside

The above configuration will deny IP traffic from any source to destination host x.x.x.x and will allow everything else.

It is applied inbound on the inside interface.

You can change IP to be TCP/UDP or other protocol and be specific about the ports that you want to filter.

Every ACL should be applied to an interface in the correct direction (in,out) and everything not specified in the ACL is denied.

Federico.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card