Design & Configure

Cisco ASA: ACL

Technology: FIREWALLS
Area: Traffic restrictions
Vendor: CISCO
Software: CISCO ADAPTIVE SECURITY APPLIANCE (ASA), ASA-OS, 8.3+
Platform: CISCO ASA 5500, 5500-X

ACLs on the ASA are configured much like on a router, with two differences: how they are processed and how the mask is written (the router uses wildcard masks, the ASA does not). The adaptive security algorithm inspects only the first packet of a session; subsequent packets of that session are already known to the ASA and are switched to the Fast Path so that they do not consume inspection resources. ACLs are used to permit or restrict traffic, and one is required whenever a connection must be initiated from a lower-security interface towards a higher-security interface. Only one ACL can be applied to a given interface in a given direction.

To configure an ACL that allows connections to host 172.16.1.2, use the commands below:

    access-list outside_in extended permit ip any host 172.16.1.2
    access-group outside_in in interface outside

Note: in ASA-OS 8.3 and later, when NAT is in use the ACL must reference the real (untranslated) destination address, in our case 172.16.1.2, rather than the mapped IP address as in older versions.
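Added here as an illustration (not part of the original page), the same permission combined with a static NAT on ASA-OS 8.3+: the server's real address 172.16.1.2 comes from the text above, while the mapped public address 203.0.113.10 and the object name WEB-SERVER are constructed placeholders. The ACL refers to the real address and is narrowed to a single TCP port rather than permitting all IP traffic.

```cisco
! Added example, not from the original page. The mapped address
! 203.0.113.10 and the object name WEB-SERVER are constructed placeholders.
!
! Real (inside) address of the server; the static NAT is defined on the object.
object network WEB-SERVER
 host 172.16.1.2
 nat (inside,outside) static 203.0.113.10
!
! On ASA-OS 8.3+ the ACL matches the REAL address (172.16.1.2),
! not the mapped address (203.0.113.10) as on pre-8.3 versions.
! Permit only the service that is actually exposed instead of "ip any".
access-list outside_in remark Allow HTTPS from outside to the web server
access-list outside_in extended permit tcp any host 172.16.1.2 eq 443
! Explicit final deny with logging makes rejected attempts visible in syslog.
access-list outside_in extended deny ip any any log
!
! Only one ACL can be bound per interface and direction.
access-group outside_in in interface outside
```

Binding the ACL inbound on the outside interface is what makes the lower-to-higher security connection possible; without it the ASA keeps its default behaviour for that direction.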

     

Useful verification commands:

    ASA2# show run access-list
    ASA2# show access-list

Author: Marcin Bialy
Grandmetric