Cisco Support Community
New Member

access lists for asa

Hi all, what is the normal way of denying traffic to a DMZ if, from the inside, all is allowed? Would I just create an access list on the DMZ outbound?

2 REPLIES
New Member

Re: access lists for asa

Hi,

Try this

If your DMZ interface is 17.2.3.3 255.255.255.0

access-list 12 deny tcp any 17.2.3.3 255.255.255.0

access-list 12 permit tcp any any

access-group 12 in interface inside

Or you can also use outbound for the DMZ as well, but this is easier.

Raj

New Member

Re: access lists for asa

If your DMZ network is 172.16.x.x

and the internal network is 192.168.x.x

then create

access-list 101 extended deny tcp 192.168.x.x 255.255.x.x 172.16.x.x 255.255.x.x eq ftp

for blocking FTP from inside to DMZ

apply on

access-group 101 in interface inside
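
An added example, not part of either reply: a small Python model of how an ASA evaluates an ACL applied with access-group (first matching entry wins, and anything unmatched hits the implicit deny at the end), run over the ACL shapes from the two replies and one assumed alternative. The networks, sample flows and the names TCP_ONLY, FTP_ONLY and DENY_DMZ are constructed for illustration, since the thread only gives x.x placeholders.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", or "ip" (any protocol)
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    dport: Optional[int] = None  # None matches any destination port

def evaluate(acl, proto, src, dst, dport=None):
    """First matching rule wins; index None means the implicit deny fired."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl):
        if r.proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(r.src) or d not in ipaddress.ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, i
    return "deny", None  # end of an applied ACL: everything unmatched is dropped

# Constructed addressing (the thread only gives x.x placeholders)
ANY, INSIDE, DMZ = "0.0.0.0/0", "192.168.0.0/16", "172.16.0.0/16"

# Shape of the first reply: deny tcp to the DMZ, then permit tcp any any
TCP_ONLY = [Rule("deny", "tcp", ANY, DMZ), Rule("permit", "tcp", ANY, ANY)]
# Shape of the second reply: a single deny for FTP, nothing after it
FTP_ONLY = [Rule("deny", "tcp", INSIDE, DMZ, 21)]
# Assumed alternative: deny all IP to the DMZ, then permit ip any any
DENY_DMZ = [Rule("deny", "ip", INSIDE, DMZ), Rule("permit", "ip", ANY, ANY)]

# Constructed sample flows arriving on the inside interface
FLOWS = {
    "ftp_to_dmz":        ("tcp", "192.168.1.10", "172.16.1.20", 21),
    "http_to_dmz":       ("tcp", "192.168.1.10", "172.16.1.20", 80),
    "dns_to_internet":   ("udp", "192.168.1.10", "198.51.100.53", 53),
    "https_to_internet": ("tcp", "192.168.1.10", "203.0.113.5", 443),
}

def verdicts(acl):
    """Map each sample flow to the action the ACL takes on it."""
    return {name: evaluate(acl, *flow)[0] for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("TCP_ONLY", TCP_ONLY), ("FTP_ONLY", FTP_ONLY), ("DENY_DMZ", DENY_DMZ)):
        print(label, verdicts(acl))
```

Only the last shape blocks the DMZ while leaving the rest of the inside traffic allowed; in the other two, flows that match no entry are dropped by the implicit deny.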
