Cisco Support Community

dan
New Member

ASA 5520 ASDM 6.4: Access Rules vs. ACL/ACE

Hi,

I am new to Cisco firewalls. We are moving from a different vendor to ASA 5520s. So far my "training" for Cisco consists of a Cisco Press book, some white papers and guides, this website, and a bunch of mistakes. So, I have what is probably a pretty basic question for most folks.

Can someone help me understand the difference between Firewall Access Rules and ACL/ACE? And when to use which?

For example: on my ASA 5520s I've set up an interface for my internal LAN (172.16.x.x), a DMZ (192.168.2.0/24), and an interface for the Internet side. The 5520 is set up as a routing firewall between my internal LAN, DMZ, and Internet.

If I want to allow my internal users Internet access for http and https would I use a Firewall Access rule?

For most of my rules allowing outbound access from my 172 LAN and DMZ and inbound access to devices in my DMZ can I mostly utilize the Firewall Access Rules?

Under what circumstance would I use ACL/ACE?

Any help greatly appreciated.

Dan

Accepted Solutions
Cisco Employee

ASA 5520 ASDM 6.4: Access Rules vs. ACL/ACE

Hello Dan,

Imagine what it was to try to study for the CCSP track with the same info! It was a bit hard. Now, the ACE/ACL part is the one you use to "match" traffic, for example a QoS policy for specific users, VPN interesting traffic and so on; the Firewall rules are the actual ACLs that allow or deny traffic.

Let me know if you need more clarification.

Mike
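
Added example (not part of the original thread, and not a configuration from either poster): the distinction described in the answer above, shown as ASA CLI. The interface names `inside` and `outside`, all ACL, class-map and policy-map names, the /16 mask on the 172.16 LAN, the 172.16.10.0/24 user subnet and the 10.10.0.0/16 remote network are assumptions made for illustration.

```cisco
! Constructed example; names, masks and remote networks are assumptions.

! 1) Firewall Access Rule: an ACL bound to an interface with access-group.
!    This is what ASDM lists under Firewall > Access Rules. Its ACEs
!    actually permit or deny traffic entering that interface.
access-list INSIDE_IN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
access-list INSIDE_IN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
! Caveat: once an ACL is applied inbound on the inside interface, the default
! "higher security level to lower is allowed" behaviour no longer applies.
! Anything not explicitly permitted above is dropped (DNS would need its own ACE).

! 2) ACL used only to match traffic: VPN interesting traffic.
!    "permit" here selects flows to encrypt; it does not open the firewall.
access-list VPN_INTERESTING extended permit ip 172.16.0.0 255.255.0.0 10.10.0.0 255.255.0.0
crypto map OUTSIDE_MAP 10 match address VPN_INTERESTING

! 3) ACL used only to match traffic: a QoS policy for specific users.
!    The ACL feeds a class-map; no access-group references it.
access-list QOS_USERS extended permit ip 172.16.10.0 255.255.255.0 any
class-map QOS_USERS_CLASS
 match access-list QOS_USERS
policy-map OUTSIDE_QOS
 class QOS_USERS_CLASS
  police output 2000000
service-policy OUTSIDE_QOS interface outside
```

When auditing a configuration, `show run access-group` lists the ACLs that are enforcing traffic on interfaces; any other ACL in `show run access-list` is only being referenced for matching by another feature, or is unused.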
