Cisco Support Community

New Member

Checkpoint to ASA Conversion (negate ability in Checkpoint)

I am in the middle of a Checkpoint to ASA conversion and so far it's gone pretty well.

My current problem, though, is that Checkpoint allowed me to create an ACL in which I could specify that a group I created, called RFC_1918_Group, would not be allowed coming in my outside int, but everything else would be allowed.

Any way to do this in the ASA without creating a permit statement along with a deny statement?

Attached is what the rule looks like in Checkpoint.

Thanks in advance! This could cut down my rule base by a few lines.

3 REPLIES
New Member

Re: Checkpoint to ASA Conversion (negate ability in Checkpoint)

There is no predefined RFC1918 grouping in the ASA.

New Member

Re: Checkpoint to ASA Conversion (negate ability in Checkpoint)

There is NO RFC1918 in checkpoint either.

The user has to create that.

What he is asking will require two separate lines of groups to do the trick. The first line in the ACL should block RFC1918 addresses while the second ACL line permits from Any.

Pix ACL is dumb; it is not as smart as Checkpoint policy.

New Member

Re: Checkpoint to ASA Conversion (negate ability in Checkpoint)

Thank you Kevin. That is what I thought, but I was hoping the ASA was smarter than that.

Two ACLs it is then.

Thanks again.

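The two-line approach described in the replies above, written out as ASA configuration. This is an added example, not part of the original posts; the ACL name `outside_access_in` and the interface name `outside` are assumptions, and the object group holds the three RFC 1918 private ranges.

```cisco
! Added example: ASA equivalent of a Check Point rule with a negated source.
! Assumed names: ACL "outside_access_in", interface nameif "outside".
!
! User-defined group (neither product ships one), RFC 1918 ranges:
object-group network RFC_1918_Group
 description RFC 1918 private address space
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! ASA ACLs are evaluated top-down and the first match wins, so the deny
! must sit above the permit. Together the two entries express
! "source is NOT RFC_1918_Group -> allow".
access-list outside_access_in remark Drop private source addresses arriving on outside
access-list outside_access_in extended deny ip object-group RFC_1918_Group any
access-list outside_access_in remark Everything else is allowed, as in the original rule
access-list outside_access_in extended permit ip any any
!
! Bind the ACL inbound on the outside interface.
access-group outside_access_in in interface outside
```

After applying it, `show access-list outside_access_in` lists the entries in evaluation order with hit counts, which confirms the deny precedes the permit and is matching traffic.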