Community Member

Understanding access rules

I am trying to configure a FWSM via ASDM 6.2f.

There are formerly configured interfaces and new interfaces I created.

When I add a new access rule, it gets added only to all the old interfaces but not to the new ones I created.

1. What is wrong with the new interfaces I created?

2. What is the logic of auto-adding a rule to "all" interfaces? The rules are incoming rules specific to interfaces or groups, so why add the rule to "all" interfaces?

3 REPLIES
Cisco Employee


1. With the new interfaces you created, you would also need to assign the access rule to the interface:

access-group <access-list-name> in interface <interface-name>

2. Each interface should really have unique rules that correspond to that particular interface, instead of having the same rule set on all interfaces. What does your current configuration look like?

Community Member


Hi Jennifer,

1. I have some 20 interfaces (VLANs). When I add a new incoming rule to an old interface (not one I created), it gets added automatically to all the old interfaces but not to the new ones.

2. My config:

I see all the interfaces with identical rules under them.

As I stated above, no matter under which interface I create the rule, it gets duplicated under the other interfaces (only the old ones).

I am new to ASDM with VLANs, so I'm not sure how things should be working.

Thanks

Cisco Employee


1. In that case, as stated in your point number 2, you have the same rule applied to all the interfaces. Hence, when you create a rule, it gets added to all interfaces.

2. Two steps to configure access rules and apply to interface:

Step 1: configure the access rules

Step 2: apply it to the interface (this only needs to be applied once, so if you create a new interface, you would need to apply the access rules to the new interface).

Each interface can have a different access rule name:

Example:

access-list acl-inside permit tcp any any eq 80
access-list acl-inside permit tcp any any eq 443
access-group acl-inside in interface inside

access-list acl-outside permit tcp any host 1.1.1.1 eq 80
access-group acl-outside in interface outside

Hope that answers your question.
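The two-step model above (define an access-list, then bind it with access-group) is easy to audit from the running config. The following is an added example, not code from the thread or from Cisco: it parses a constructed ASA/FWSM-style config and reports interfaces with no inbound ACL bound (the new-interface case in the question), bindings that reference an ACL with no entries, and ACLs shared by several interfaces (the "same rule on all interfaces" situation). Interface and ACL names in the sample are made up.

```python
import re

# Constructed sample config in ASA/FWSM CLI syntax (not taken from the thread).
SAMPLE_CONFIG = """\
interface Vlan10
 nameif inside
interface Vlan20
 nameif outside
interface Vlan30
 nameif dmz
interface Vlan40
 nameif guest
interface Vlan50
 nameif mgmt
access-list acl-inside extended permit tcp any any eq 80
access-list acl-inside extended permit tcp any any eq 443
access-list acl-outside extended permit tcp any host 1.1.1.1 eq 80
access-group acl-inside in interface inside
access-group acl-outside in interface outside
access-group acl-inside in interface dmz
access-group acl-guest in interface guest
"""

ACCESS_GROUP = re.compile(r"^access-group (\S+) (in|out) interface (\S+)$")

def parse_config(text):
    """Return (interface nameifs, ACL name -> entries, interface -> inbound ACL name)."""
    names, acls, inbound = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("nameif "):
            names.append(line.split(None, 1)[1])
        elif line.startswith("access-list "):
            acls.setdefault(line.split()[1], []).append(line)
        else:
            m = ACCESS_GROUP.match(line)
            if m and m.group(2) == "in":  # only inbound bindings matter here
                inbound[m.group(3)] = m.group(1)
    return names, acls, inbound

def audit(text):
    """Flag unbound interfaces, bindings to empty/undefined ACLs, and shared ACLs."""
    names, acls, inbound = parse_config(text)
    unbound = [n for n in names if n not in inbound]          # no access-group at all
    dangling = {i: a for i, a in inbound.items() if a not in acls}  # ACL has no entries
    shared = {}
    for iface, acl in inbound.items():
        shared.setdefault(acl, []).append(iface)
    shared = {a: i for a, i in shared.items() if len(i) > 1}  # one ACL on many interfaces
    return unbound, dangling, shared
```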
