I have a question that I hope someone can clarify ... I will be supporting a new ASA 5585X running 8.4 and I was wondering if it's possible to apply an ACL globally instead of it as an access group that is applied to a specific interface as in or out ... below are the interfaces and ACL ..
ip address X.X.X.X 255.255.255.0 standby X.X.X.X!
ip address 10.69.201.X 255.255.255.0 standby 10.69.201.X
ip address 10.69.129.X 255.255.255.0 standby 10.69.129.X
ip address 10.69.130.X 255.255.255.0 standby 10.69.130.X
ip address 10.69.134.X 255.255.255.0 standby 10.69.134.X
ip address 10.69.136.X 255.255.255.0 standby 10.69.136.X
ip address 10.69.140.X 255.255.255.0 standby 10.69.140.X
Beginning from 8.3(1) you should be able to use a single access-list to control traffic/connection.
It still uses the "access-group" command to "attach" the access-list as a global access-list
command format is:
Just out of interest, are you moving to ASA from some other product or why would you want to use one global access-list? Personally I could never think of changing to global access-lists. I guess thats probably due to the fact that I have used the access-lists attached to certain interface and direction for so long.
Thank you for the information which I will suggest them to add it .. Yes , this is a completed product migration from IPSO checkpoint NGXR65 to ASA5585X Version 8.4(3) .. I believe the reasoning behind using it as global was that each of the TenGig 0/9 subinterfaces use the same ACL ...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :