Cisco Support Community

New Member

access lists on asa

Hi all, by default is anything allowed out of my firewall? Does the permit ip any any allow everything out, i.e. all TCP ports? If I wanted to just allow web traffic out, would I delete the default allow all rule and create one for TCP port 80 to anywhere?

4 REPLIES
Green

Re: access lists on asa

Yes.

You need to create a rule to permit 80 and another rule to block everything else. You would simply do this.

access-list inside permit tcp any any eq 80

access-list inside deny ip any any

access-group inside in interface inside

New Member

Re: access lists on asa

Can you tell me what "access-group inside in interface inside" means? Would we not want this going outbound?

Green

Re: access lists on asa

It applies the ACL into the inside interface, which would be outbound.

If you wrote access-group inside out interface inside, then the ACL would be applied outbound from the inside interface, or inbound to your inside network.

Also, not to confuse you more, if you apply the ACL on the outside interface, it would be as you suggested. access-group inside out interface outside would be outgoing from the inside network. access-group inside in interface outside would be incoming traffic from the outside.

New Member

Re: access lists on asa

I am a little confused on this. Can you explain a little further about the inside/outside, in, etc. access lists? And also, what part of the statement is actually the name of the access list here?
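
The commands from this thread, written out as an added example that is not part of any poster's reply. It uses a hypothetical ACL name, INSIDE_OUT, so that the ACL name and the interface name (nameif) are visibly different. Assumptions: the interfaces are named inside and outside, the HTTPS and DNS entries are additions to the port 80 rule from the thread, and the addresses in the packet-tracer lines are constructed.

```cisco
! Added example, not from the thread. INSIDE_OUT is a hypothetical ACL name;
! "inside" is assumed to be the nameif of the LAN-facing interface.
!
! Syntax: access-list <ACL-name> extended <permit|deny> <protocol> <source> <destination> [eq <port>]
! In the thread's "access-list inside permit ...", the word "inside" is the ACL name.
access-list INSIDE_OUT remark Web traffic from inside hosts
access-list INSIDE_OUT extended permit tcp any any eq 80
access-list INSIDE_OUT extended permit tcp any any eq 443
access-list INSIDE_OUT remark DNS lookups, without which browsing by hostname fails
access-list INSIDE_OUT extended permit udp any any eq 53
access-list INSIDE_OUT extended permit tcp any any eq 53
access-list INSIDE_OUT remark Explicit deny so drops are logged (every ACL ends in an implicit deny)
access-list INSIDE_OUT extended deny ip any any log
!
! Syntax: access-group <ACL-name> <in|out> interface <interface-nameif>
! "in" filters packets as they enter the firewall through that interface,
! so "in interface inside" controls what inside hosts may send out.
access-group INSIDE_OUT in interface inside
!
! Verification: which ACL is bound where, and per-line hit counts.
show running-config access-group
show access-list INSIDE_OUT
!
! Simulate one permitted and one denied flow (constructed addresses).
packet-tracer input inside tcp 192.168.1.10 40000 203.0.113.10 80
packet-tracer input inside tcp 192.168.1.10 40000 203.0.113.10 25
```

Entries are evaluated top to bottom and the first match wins, so the final deny only catches traffic that none of the permit lines matched.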
