
New Member

please give example of security rule in ASA 5520

Does the security rule in the ASA 5520 follow the same style as the ACL in Cisco 3000 and 4000 series switches, where an ACL always has an implicit deny (so after any deny of any type we have to put permit ip any any)?

2 REPLIES
Hall of Fame Super Blue

Re: please give example of security rule in ASA 5520

Yes, there is an implicit deny ip any any at the end of an ACL on the ASA.

The major difference between ASA/PIX ACLs and router ACLs is that the PIX and ASA use normal subnet masks, whereas a router uses inverse masks, so the router ACL

access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255

would translate to

access-list outside_in permit ip 192.168.5.0 255.255.255.0 172.16.5.0 255.255.255.0

Jon
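The translation described in the reply above, as an added example that is not part of the original post: it rewrites a router ACL line into the ASA form shown there and goes slightly beyond the single case by leaving `host`, `any` and port operators untouched and rejecting non-contiguous wildcards, which have no subnet-mask equivalent. The function names are hypothetical.

```python
import ipaddress

def wildcard_to_netmask(wildcard):
    """Turn a router wildcard (inverse) mask into the subnet mask ASA ACLs use."""
    w = int(ipaddress.IPv4Address(wildcard))
    # Only wildcards of the form 0...01...1 invert to a valid subnet mask;
    # a non-contiguous wildcard such as 0.0.255.0 has no ASA equivalent.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))

def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def router_acl_to_asa(line, asa_name):
    """Rewrite one router 'access-list' line as an ASA line named asa_name."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "access-list":
        raise ValueError("expected a line starting with 'access-list <id>'")
    out = ["access-list", asa_name]
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "host" and i + 1 < len(tokens):
            out += [tok, tokens[i + 1]]      # 'host A.B.C.D' is left unchanged
            i += 2
        elif _is_ipv4(tok) and i + 1 < len(tokens) and _is_ipv4(tokens[i + 1]):
            out += [tok, wildcard_to_netmask(tokens[i + 1])]  # address + mask
            i += 2
        else:
            out.append(tok)                  # action, protocol, 'any', ports
            i += 1
    return " ".join(out)

if __name__ == "__main__":
    # The router ACL line quoted in the reply above.
    src = "access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255"
    print(router_acl_to_asa(src, "outside_in"))
```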

New Member

Re: please give example of security rule in ASA 5520

Many, many thanks for your reply. We are connecting a client from the inside zone (high security) to an outside zone server (low security) by 3rd-party (different vendor) IPsec in transport mode, by a routed-mode ASA 5520. How can the client be connected to the server by the same IPsec in transport mode by NAT in the ASA 5520 if everything is allowed in the security rule? Please keep in mind that the IPsec transport is between client and server.
