New Member

Can the PIX/ASA 8.0(4) issue rejects?

I have gone through all the docs but cannot find any mention on how to set up a "reject" instead of the regular "deny" in an access rule.  I have some legacy Checkpoint Firewalls and want to migrate them over to some of my ASAs.  Some rules on the Checkpoint specifically state "reject" (for NetBIOS stuff etc.).  Is this possible on the ASA?

How do you "reject" certain traffic, while still doing a "deny" and a "permit" on other traffic?

Thanks

Joerg

Cisco Employee

Re: Can the PIX/ASA 8.0(4) issue rejects?

It depends on what you mean by reject. If you mean sending a Reset then you can enable it globally with "service resetinbound" and "service resetoutbound" for packets denied by ACLs.

I hope it helps.

PK

New Member

Re: Can the PIX/ASA 8.0(4) issue rejects?

So it is a global setting?  So I need to decide if I want a reset sent for every deny or none at all?

Cisco Employee

Re: Can the PIX/ASA 8.0(4) issue rejects?

Unfortunately you cannot do it on a per rule basis.

For protocols that the ASA can inspect, like HTTP etc., you can send resets based on matched criteria, and that is done using class maps and policy maps. Not sure what your protocols are, so I am not sure.

PK
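The two options described in the replies above, sketched as an ASA configuration. This is an added example, not part of the original posts; the regex, class-map and policy-map names (BLOCKED_URI, HTTP_BLOCKED, HTTP_RESET) and the URI pattern are hypothetical, and `global_policy` / `inspection_default` are assumed to be the ASA's default policy objects.

```cisco
! Option 1: global behaviour. A reset is a TCP RST, so this affects
! TCP connections denied by an ACL. It applies to every such deny;
! there is no per-rule switch.
service resetinbound
service resetoutbound

! Option 2: per-criteria reset for an inspected protocol (HTTP here).
! Hypothetical match: any request whose URI matches the regex below.
regex BLOCKED_URI "/blocked"

class-map type inspect http match-all HTTP_BLOCKED
 match request uri regex BLOCKED_URI

! Inspection policy: reset (and log) only the connections that match.
policy-map type inspect http HTTP_RESET
 parameters
 class HTTP_BLOCKED
  reset log

! Attach the inspection policy to the default global service policy.
policy-map global_policy
 class inspection_default
  inspect http HTTP_RESET

service-policy global_policy global
```

Traffic dropped by an ACL without the global commands, or not matched by an inspection class, is still silently denied, so option 2 only covers protocols the ASA inspects.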
