Cisco Support Community

acl allowing guest access

I have an ASA 5550 at our main site with an external Ethernet interface to our ISP for internet access. I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x, 10.100.1 - 40.x, and others. I'm having trouble identifying what IP address to use as the destination for the permit rule for access to the internet. The rule that comes after the permit is to deny 10.100.41.x/24 access to internal network addresses. I'd sure appreciate any guidance someone could give me.

Bob in Indiana

1 REPLY
Put in the ACL to deny from 10.100.41.0/24 to all RFC 1918 networks (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). From higher security inside (where it resides) to lower security outside (Internet) there is an implicit allow which will normally use the global or other NAT (or PAT) pool you have set up.
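
An ASA configuration sketch of the rule set discussed in this thread, added here as an example and not posted by either participant: the ACL name `GUEST_IN`, the interface name `guest` and the test addresses are assumptions. The explicit web permits implement the http/https-only requirement from the question; ASA ACLs are evaluated top-down with the first match winning, so the RFC 1918 denies sit above the permits to `any`.

```cisco
! Added example. GUEST_IN and the nameif "guest" are assumed names.
! ASA ACLs take subnet masks, not wildcard masks.
!
! 1. Block the guest subnet from every RFC 1918 range. This covers
!    172.17.x.x and 10.100.1-40.x without listing each network.
access-list GUEST_IN extended deny ip 10.100.41.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list GUEST_IN extended deny ip 10.100.41.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list GUEST_IN extended deny ip 10.100.41.0 255.255.255.0 192.168.0.0 255.255.0.0
!
! 2. The destination for internet access is "any". This is safe only
!    because the denies above have already matched internal destinations.
access-list GUEST_IN extended permit tcp 10.100.41.0 255.255.255.0 any eq www
access-list GUEST_IN extended permit tcp 10.100.41.0 255.255.255.0 any eq https
!
! 3. Once an ACL is bound to the interface, anything not permitted above
!    hits the implicit deny at the end of the ACL.
!    DNS is not covered by these lines: guests need a permit for the
!    resolver they use, placed above the denies if that resolver is internal.
access-group GUEST_IN in interface guest
!
! Checks (constructed test addresses):
!   internal web server, expected result: drop on the first deny line
packet-tracer input guest tcp 10.100.41.10 1025 172.17.1.1 80
!   public web server, expected result: allow on the https permit
packet-tracer input guest tcp 10.100.41.10 1025 198.51.100.20 443
!   per-line hit counts confirm which entries guest traffic is matching
show access-list GUEST_IN
```

If the permit lines were placed first, a guest connection to an internal web server on port 80 or 443 would match the permit to `any` and never reach the denies.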
