ASDM versus CLI - named access-list etc

Phil Williamson
Level 1

I'm a CLI junkie now using ASDM v5.2(3) on ASA55x0. Where are the named access-lists I'm used to working with in PIX 6.3(x) CLI? I want to continue to create my named access-lists so I and my colleagues can continue to use our standard templates for configuration tasks. I'm not interested in the ones created automatically such as "access-list in_out-back_forth-UpDown-interfaceSomeWhere0.1". These only confuse my staff when trying to complete config tasks.

4 Replies

acomiskey
Level 10

As far as I know the names of the ACLs are not displayed in Config -> Firewall -> Security Policy, but the names are displayed in the "ACL Manager". Not sure how to get to this in ASDM 5, I think one way is through VPN -> Group Policy -> Client Configuration -> Split Tunnel -> Manage (ACL List)

Adam - yes you are correct - strange that they have to be accessed via Split Tunnel Network List, but so be it. I can now create a named ACL with our standardized names, but how do I reference it by name later when applying to some policy?

Typically one might have:

access-list AllowInbound permit icmp any interface outside echo-reply
access-list AllowInbound permit icmp any interface outside unreachable
access-list AllowInbound permit icmp any interface outside time-exceeded
!
access-group AllowInbound in interface outside
!

Thx - Phil

Once the ACL "AllowInbound" is created you can still edit/add to it in the Config -> Firewall -> Security Policy page.

Although it is not referenced by the name "AllowInbound", you will notice that the regular security policy page references the ACLs by which interface they are assigned to and which direction. Therefore in the above example, you can edit the rules under the heading "outside (# incoming rules)".
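The mapping described in the reply above (ASDM shows "interface (N incoming rules)" while the CLI knows the ACL by name and binds it with access-group) can be reconstructed from a saved config. The following is an added example, not code from the thread or from Cisco: it parses constructed PIX/ASA-style access-list and access-group lines, builds the ASDM-style headings with the named ACL behind each, and flags named ACLs that were created (for example in ACL Manager) but never applied to any interface, which is the case ASDM's per-interface view does not surface. The sample configuration, the regexes and the function names are all assumptions made for this example; it only handles the interface-bound access-group form shown in the post, not the later "access-group ... global" form.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the original post). "OldTemplate" is
# deliberately defined but never applied with access-group.
SAMPLE_CONFIG = """\
: Saved
access-list AllowInbound remark ICMP replies needed for troubleshooting
access-list AllowInbound extended permit icmp any interface outside echo-reply
access-list AllowInbound extended permit icmp any interface outside unreachable
access-list AllowInbound extended permit icmp any interface outside time-exceeded
access-list AllowInbound extended deny ip any any log
access-list DMZ_to_Inside extended permit tcp 10.1.1.0 255.255.255.0 host 10.0.0.25 eq 1433
access-list inside_access_in extended permit ip any any
access-list OldTemplate extended permit ip any any
access-group AllowInbound in interface outside
access-group DMZ_to_Inside in interface dmz
access-group inside_access_in in interface inside
"""

# One ACE per line; "extended" is optional so PIX 6.3-style lines also match.
# Remark lines do not match because the body must begin with permit/deny.
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<body>(?:extended\s+)?(?:permit|deny)\s+.*)$"
)
# Interface binding, as in the post: access-group NAME in|out interface IFC
GROUP_RE = re.compile(
    r"^access-group\s+(?P<name>\S+)\s+(?P<dir>in|out)\s+interface\s+(?P<ifc>\S+)$"
)


def parse_acls(config):
    """Return {acl_name: [ace_text, ...]} with ACEs in configuration order."""
    acls = defaultdict(list)
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            acls[m["name"]].append(m["body"])
    return dict(acls)


def parse_bindings(config):
    """Return {(interface, direction): acl_name} from access-group lines."""
    bindings = {}
    for line in config.splitlines():
        m = GROUP_RE.match(line.strip())
        if m:
            bindings[(m["ifc"], m["dir"])] = m["name"]
    return bindings


def asdm_view(config):
    """Build the ASDM-style headings ('outside (4 incoming rules)') keyed to the
    named ACL each one represents, and list named ACLs that are never applied."""
    acls = parse_acls(config)
    bindings = parse_bindings(config)
    headings = {}
    for (ifc, direction), name in bindings.items():
        word = "incoming" if direction == "in" else "outgoing"
        count = len(acls.get(name, []))
        headings[f"{ifc} ({count} {word} rules)"] = name
    unbound = sorted(set(acls) - set(bindings.values()))
    return headings, unbound


if __name__ == "__main__":
    headings, unbound = asdm_view(SAMPLE_CONFIG)
    for heading, name in headings.items():
        print(f"{heading:32} -> {name}")
    print("defined but not applied:", unbound)
```

Running it against a real "show running-config" capture gives the technician the name-to-heading lookup that ASDM omits, and the "defined but not applied" list is the check worth adding to any template-based workflow: an ACL pasted from a template without its access-group line enforces nothing.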

Adam - thx for the help. I will have to rethink the use of ASDM for initial config by our techs. We have standardized templates that they copy/paste into the CLI. The ASDM is nice, but it tends to hide too much and to me at least makes it difficult to config the device the way I need to.