
New Member

Cisco ASA ACL service port audit

Hi,

I have to audit about 40 Cisco ASAs (8.4) whose ACL service ports are defined as IP or TCP. We want specific ports between sources and destinations; please advise the best practice/tool to identify the specific ports and to avoid any outages.

Also, many ACLs are defined in both directions, but my understanding is that since the ASA is a stateful firewall, for TCP/UDP we don't need to define bidirectional traffic. Bidirectional traffic is only required for encrypted traffic, e.g. IPSEC/GRE; please correct me if I am wrong. If I am correct, then please advise whether, if I delete the bidirectional traffic for TCP/UDP, it will not break the connections.

Thanks

4 REPLIES
New Member

Cisco ASA ACL service port audit

Is anybody able to advise?

New Member

Cisco ASA ACL service port audit

Hey,

For the same traffic there is no need for a bidirectional ACL. But if you want to control traffic originating from both inside and outside, then you require different ACLs.

Your point regarding audit is not clear to me, need more elaboration.

Thanks

New Member

Cisco ASA ACL service port audit

In the ASDM, most rules' source and destination are using the ports as IP/TCP; I want specific ports like 22, 23, 514, etc.

How can I find out which ports the source and destination are using, so that I can use specific ports instead of general ports like IP, TCP?

Thanks

New Member

Re: Cisco ASA ACL service port audit

Bidirectional rules are required if both source and destination initiate the traffic.
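A small audit helper for the questions in this thread (which rules use a broad `ip`/`tcp`/`udp` service with no port, which rules have zero hits, and which TCP/UDP rules have a mirror rule in the other direction), added here as an example and not code from the thread or from Cisco. It parses constructed `show access-list` output and assumes only `host`/`any` endpoints with an optional `eq` port, so object-groups and port ranges are not covered:

```python
import re

# Constructed sample of `show access-list` output (not from the thread); hosts and hit counts are invented.
SHOW_ACCESS_LIST = """\
access-list inside_access_in line 1 extended permit ip host 10.1.1.10 host 10.2.2.20 (hitcnt=1532) 0x1a2b3c4d
access-list inside_access_in line 2 extended permit tcp host 10.1.1.10 host 10.2.2.20 eq 22 (hitcnt=87) 0x2b3c4d5e
access-list inside_access_in line 3 extended permit tcp host 10.1.1.11 host 10.2.2.21 (hitcnt=0) 0x3c4d5e6f
access-list inside_access_in line 4 extended permit udp host 10.1.1.12 host 10.2.2.22 eq 514 (hitcnt=9) 0x4d5e6f70
access-list outside_access_in line 1 extended permit tcp host 10.2.2.21 host 10.1.1.11 (hitcnt=0) 0x5e6f7081
"""

# One ACE per line; handles `host X` or `any` endpoints and an optional `eq PORT`
# (assumption: no port ranges or object-groups in the output being audited).
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) extended (?P<action>permit|deny) "
    r"(?P<proto>\S+) (?P<src>host \S+|any) (?P<dst>host \S+|any)"
    r"(?: eq (?P<port>\S+))? \(hitcnt=(?P<hits>\d+)\)"
)

def parse_aces(text):
    """Return a list of dicts, one per ACE line that matches ACE_RE."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            ace = m.groupdict()
            ace["line"], ace["hits"] = int(ace["line"]), int(ace["hits"])
            aces.append(ace)
    return aces

def audit(aces):
    """Return (rule reference, finding, note) tuples for entries worth a closer look."""
    findings = []
    seen = {(a["proto"], a["src"], a["dst"], a["port"]) for a in aces}
    for a in aces:
        ref = f'{a["acl"]} line {a["line"]}'
        broad = a["proto"] == "ip" or (a["proto"] in ("tcp", "udp") and a["port"] is None)
        if broad:
            findings.append((ref, "broad-service",
                             f'{a["proto"]} with no port: confirm real ports via `show conn` / connection logs before narrowing'))
        if a["hits"] == 0:
            findings.append((ref, "zero-hits", "no matches since counters were cleared: observe over a full business cycle first"))
        reverse = (a["proto"], a["dst"], a["src"], a["port"])
        if a["proto"] in ("tcp", "udp") and a["src"] != a["dst"] and reverse in seen:
            findings.append((ref, "mirror-pair", "reverse rule exists: a stateful ASA needs it only if the far side also initiates"))
    return findings

if __name__ == "__main__":
    for ref, kind, note in audit(parse_aces(SHOW_ACCESS_LIST)):
        print(f"{ref}: {kind}: {note}")
```

Run it against `show access-list` captured from each ASA after `clear access-list <name> counters` has had time to accumulate traffic, so the zero-hit findings reflect a real observation window.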
