Hi,
I have ASA 5520 device.In that i have only one access list that is for the inbound connection from outside.Please find the access-list config..
access-list outside_in extended permit tcp any host x.x.x.1 eq www
access-list outside_in extended permit udp any host x.x.x.1 eq domain
access-list outside_in extended permit tcp any host x.x.x.2 eq www
access-list outside_in extended permit tcp any host x.x.x.2 eq www
access-list outside_in extended permit tcp any host x.x.x.3 eq www
access-list outside_in extended permit tcp any host x.x.x.4 eq www
access-list outside_in extended permit tcp any host x.x.x.5 eq www
access-list outside_in extended permit tcp any host x.x.x.6 eq www
access-list outside_in extended permit tcp any host x.x.x.7 eq www
access-list outside_in extended permit tcp any host x.x.x.7 eq 3389
access-list outside_in extended permit tcp any host x.x.x.8 eq 3389
access-list outside_in extended permit tcp any host x.x.x.8 eq www
access-list outside_in extended permit tcp any host x.x.x.9 eq ftp
access-list outside_in extended permit tcp any host x.x.x.9 eq ftp-data
access-list outside_in extended permit tcp any host x.x.x.11 eq 6013
access-list outside_in extended permit tcp any host x.x.x.11 eq www
access-list outside_in extended permit tcp any host x.x.x.12 eq 91
access-list outside_in extended permit tcp any host x.x.x.12 eq 92
access-list outside_in extended permit tcp any host x.x.x.12 eq 333
access-list outside_in extended permit tcp any host x.x.x.12 eq ftp
access-list outside_in extended permit tcp any host x.x.x.12 eq ftp-data
access-list outside_in extended permit tcp any eq kerberos any eq kerberos
access-list outside_in extended permit tcp any eq www any eq www
access-list outside_in extended permit tcp any eq https any eq https
access-list outside_in extended permit ip any any
at the end of the access-list " ip any any" is configured. Now my question :is
it make any security risk? if i remove ip any any then i am unable to access anything from outside..
please guide me that "ip any any " command is a right configuration or not. is it make any security risk?
please assist in this matter
Thanx,
som
