
permit any to 1.2.3.4

LionKin1984
Level 1

Hi All

Is it possible to create an ACL to permit from any to a particular IP address? I.e. I have an ASA with three interfaces (inside, outside and DMZ) and I want to create an ACL to permit from any to an inside host (this is probably a bad example but anyway..),

the ACL should look like:

ASA (config) # access-list any-inside extended permit ip any object Inside-host

however what interface should I apply the ACL on?

ASA (config) # access-group any-inside in interface ???                   

thanks

2 Replies

Marvin Rhoads
Hall of Fame

If the outside is Internet, you'd generally also have a 1-1 NAT rule for the host in question. Depending on your ASA software version, the access-list would refer to either the NAT address (ASA <8.3) or the real host address (ASA >= 8.3).

The access-list is applied to the outside interface. You want to evaluate and allow or deny the connection at the first interface it hits on the ASA.
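The two cases described in the reply above, written out as an added example that is not part of the original posts: the same rule on ASA 8.3 and later (ACL matches the real address) and on releases before 8.3 (ACL matches the NAT address). The ACL and object names come from the question; the addresses 192.168.1.10, 203.0.113.10 and 198.51.100.5 and the port 443 are constructed placeholders.

```cisco
! --- ASA >= 8.3: object NAT, ACL references the REAL host address ---
object network Inside-host
 host 192.168.1.10
 ! 1-1 static NAT: real 192.168.1.10 appears as 203.0.113.10 on outside
 nat (inside,outside) static 203.0.113.10
!
! ACL as posted in the question. "permit ip any" opens every protocol and
! port to the host; a production rule would name the service instead,
! e.g. "permit tcp any object Inside-host eq 443".
access-list any-inside extended permit ip any object Inside-host
!
! Bind inbound on the first interface the connection hits
access-group any-inside in interface outside

! --- ASA < 8.3: static NAT, ACL references the NAT (mapped) address ---
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list any-inside extended permit ip any host 203.0.113.10
access-group any-inside in interface outside

! --- Checks (either release) ---
! Confirm which ACL is bound to which interface
show running-config access-group
! Hit counters increase when the rule matches
show access-list any-inside
! Simulate an inbound connection and see which NAT rule and ACL line apply
packet-tracer input outside tcp 198.51.100.5 12345 203.0.113.10 443
```

Use only the block that matches the software release on the device; the two NAT syntaxes are not interchangeable.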

Thanks for your reply, Marvin. I will apply the ACL to the outside interface and see what happens then.

Cheers
