01-16-2014 10:52 AM - edited 03-11-2019 08:31 PM
Hi,
I have to audit about 40 Cisco ASAs (8.4) with ACL service ports defined as IP or TCP. We want specific ports between sources and destinations; please advise the best practice/tool to identify the specific ports and to avoid any outages.
Also, many ACLs are defined in both directions, but my understanding is that since the ASA is a stateful firewall, for TCP/UDP we don't need to define bidirectional traffic. Bidirectional traffic is only required for encrypted traffic, e.g. IPSEC/GRE; please correct me if I'm wrong. If I'm correct, then please advise whether deleting the bidirectional rules for TCP/UDP will break the connections.
Thanks
01-22-2014 03:12 PM
Is anybody able to advise?
01-22-2014 08:28 PM
Hey,
For the same traffic there is no need for a bidirectional ACL, but if you want to control traffic originating both from inside and from outside then you require different ACLs.
Your point regarding the audit is not clear to me; it needs more elaboration.
Thanks
01-24-2014 02:20 PM
In ASDM, most rules' source and destination are using the service as IP/TCP; I want specific ports like 22, 23, 514, etc.
How can I find out which ports the source and destination are using, so that I can use specific ports instead of the general services IP and TCP?
Thanks
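An added example of the kind of audit asked about above (my own script, not Cisco's and not the original poster's): it parses ASA 8.4 `access-list` lines for permit entries whose service is bare ip/tcp/udp and cross-references them with %ASA-6-302013/302015 connection-build syslog messages to list the destination ports actually in use. The ACEs and log lines are constructed samples; the script assumes a port operator, when present, sits on the destination, and it resolves only `host` destinations (network and object destinations would need the device's object tables).

```python
import re
from collections import defaultdict

# Constructed ASA 8.4 running-config ACEs (sample data, not from a real device).
ACL_LINES = [
    "access-list outside_in extended permit tcp any host 10.0.0.5 eq 22",
    "access-list outside_in extended permit tcp any host 10.0.0.6",
    "access-list outside_in extended permit ip 203.0.113.0 255.255.255.0 host 10.0.0.7",
]
# Constructed connection-build syslogs (302013 = TCP, 302015 = UDP), same caveat.
LOG_LINES = [
    "%ASA-6-302013: Built inbound TCP connection 101 for outside:203.0.113.7/51234 (203.0.113.7/51234) to inside:10.0.0.6/23 (10.0.0.6/23)",
    "%ASA-6-302013: Built inbound TCP connection 102 for outside:203.0.113.9/51240 (203.0.113.9/51240) to inside:10.0.0.6/22 (10.0.0.6/22)",
    "%ASA-6-302015: Built inbound UDP connection 103 for outside:203.0.113.7/40000 (203.0.113.7/40000) to inside:10.0.0.7/514 (10.0.0.7/514)",
]
ADDR = r"(any|host \S+|object(?:-group)? \S+|\S+ \S+)"
# Assumption: a port operator, when present, applies to the destination only.
ACE_RE = re.compile(r"access-list (\S+) extended (permit|deny) (ip|tcp|udp) "
                    + ADDR + " " + ADDR + r"(?: ((?:eq|gt|lt) \S+|range \S+ \S+))?$")
CONN_RE = re.compile(r"Built (?:inbound|outbound) (TCP|UDP) connection \d+ for "
                     r"\S+:\S+/\d+ \([^)]*\) to \S+:(\S+)/(\d+) \(")

def broad_aces(acl_lines):
    """Permit ACEs whose service is bare ip/tcp/udp: (acl_name, proto, dst)."""
    found = []
    for line in acl_lines:
        m = ACE_RE.match(line.strip())
        if m and m.group(2) == "permit" and m.group(6) is None:
            found.append((m.group(1), m.group(3), m.group(5)))
    return found

def observed_ports(log_lines):
    """Map (proto, dst_ip) -> sorted destination ports seen in connection builds."""
    seen = defaultdict(set)
    for line in log_lines:
        m = CONN_RE.search(line)
        if m:
            seen[(m.group(1).lower(), m.group(2))].add(int(m.group(3)))
    return {k: sorted(v) for k, v in seen.items()}

def audit(acl_lines, log_lines):
    """For each broad ACE with a 'host' destination, list the ports actually used;
    an 'ip' ACE is checked for both tcp and udp. Other destinations get no ports."""
    seen = observed_ports(log_lines)
    report = {}
    for name, proto, dst in broad_aces(acl_lines):
        host = dst.split()[1] if dst.startswith("host ") else None
        protos = ("tcp", "udp") if proto == "ip" else (proto,)
        report[(name, proto, dst)] = {p: seen.get((p, host), []) for p in protos} if host else {}
    return report
```

Feed it the device's `show running-config access-list` output and a syslog capture spanning a representative period before tightening any rule. A port absent from the logs during the sampling window may still be legitimate (monthly jobs, failover paths), so the output narrows the candidate list rather than proving a port unused.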
01-22-2014 11:06 PM
Bidirectional rules are required if both source and destination initiate the traffic.