Cisco Support Community

New Member

ASA5520 ACLs Help Needed

Hello

I have to apply an ACL to secure my inside network from the traffic coming from outside. So on what interface and in what direction can I use the ACL?

Another thing is that a host is NATed with the inside interface. If I apply an ACL on this interface, what will be the ACL direction, and on what interface?

Your quick response will be highly appreciated, thanks.

3 REPLIES
Hall of Fame Super Blue

Re: ASA5520 ACLs Help Needed

Hi

If you want to secure your inside network from traffic coming from outside then you want to apply your acl on the interface that connects to the outside and you want to apply it in the inbound direction.

Could you explain the NAT setup a bit more clearly?

HTH

Jon

New Member

Re: ASA5520 ACLs Help Needed

Actually we are using PAT, meaning we have one public IP, and we use the syntax

"nat inside 1 192.168.10.1 255.255.255.255"

So my question is: can I apply an ACL using host 192.168.10.1 as my destination address?

Hall of Fame Super Blue

Re: ASA5520 ACLs Help Needed

Hi

If you are applying your acl on the outside interface in an inbound direction to restrict traffic from the outside you need to use the Natted address. But this won't work if you are using PAT.

If a packet comes from the outside with the destination address of your public IP, and you hide all your private addresses behind this one public address, your router won't know which private host to send the traffic to.

Does this make sense?

Jon
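
The point made in the reply above, as an added example that is not part of the original thread: a toy PAT table in Python showing that return traffic matches a mapping created by an inside host, while an unsolicited packet to the shared public IP matches nothing. The class, the public address 203.0.113.5 and the remote hosts are constructed for illustration, and the model is a simplification, not ASA code.

```python
# Toy model of a PAT (many-to-one) translation table.
# All addresses are constructed samples; 203.0.113.5 stands in for the
# single public IP (assumption, documentation range).
from itertools import count

PUBLIC_IP = "203.0.113.5"


class PatTable:
    def __init__(self, public_ip=PUBLIC_IP, first_port=1024):
        self.public_ip = public_ip
        self._ports = count(first_port)
        self._out = {}  # (proto, inside_ip, inside_port, remote) -> public port
        self._in = {}   # (proto, public port) -> (inside_ip, inside_port, remote)

    def outbound(self, proto, inside_ip, inside_port, remote):
        """An inside host opens a connection: create or reuse a mapping."""
        key = (proto, inside_ip, inside_port, remote)
        if key not in self._out:
            port = next(self._ports)
            self._out[key] = port
            self._in[(proto, port)] = (inside_ip, inside_port, remote)
        return self.public_ip, self._out[key]

    def inbound(self, proto, remote, dst_ip, dst_port):
        """A packet arrives from outside: return the inside host, or None."""
        entry = self._in.get((proto, dst_port))
        if dst_ip != self.public_ip or entry is None:
            return None  # unsolicited: no mapping, so no inside host to pick
        inside_ip, inside_port, expected_remote = entry
        if remote != expected_remote:
            return None  # mapping belongs to a different conversation
        return inside_ip, inside_port


def demo():
    pat = PatTable()
    web = ("198.51.100.7", 80)  # constructed remote server
    a = pat.outbound("tcp", "192.168.10.1", 40000, web)
    b = pat.outbound("tcp", "192.168.10.2", 40000, web)
    stranger = ("198.51.100.99", 5555)  # constructed outside initiator
    return {
        "reply_to_a": pat.inbound("tcp", web, *a),
        "reply_to_b": pat.inbound("tcp", web, *b),
        "unsolicited": pat.inbound("tcp", stranger, PUBLIC_IP, 80),
    }
```
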
