New Member

Configuring Control Plane ACL on ASA

Hello,

I am configuring a control plane ACL on the outside interface to limit AnyConnect access on an ASA 5520, and will enter the following commands on the device:

! interface GigabitEthernet0/0
!  nameif outside
!  security-level 0
!  ip address 1.2.3.4 255.255.255.252

access-list LimitingAnyConnect extended permit tcp host 5.6.7.8 host 1.2.3.4 eq https
access-group LimitingAnyConnect in interface outside control-plane

Does this configuration allow ONLY 5.6.7.8 to connect with AnyConnect to the device?
Should I add the following ACL?

access-list LimitingAnyConnect extended deny tcp any host 1.2.3.4 eq https


Thank you for your cooperation in advance.


Accepted Solutions
Cisco Employee

Configuring Control Plane ACL on ASA

No, you don't need to specify the "deny" access-list, because the implicit rule is deny ip any any if you have configured an access-list on the interface.
