Cisco ASA: ACL

Home Knowledge Base Design & Configure Cisco ASA: ACL

Design & Configure

Cisco ASA: ACL

Technology: FIREWALLS

Area: Traffic restrictions

Vendor: CISCO

Software: CISCO ADAPTIVE SECURITY APPLIANCE (ASA) , ASA-OS, 8.3+

Platform: CISCO ASA 5500, 5500-X

 

ACL in ASA is similar to router configuration, except for processing and mask definition (where router uses wildcards). Adaptive security algorithm inspects only first packet belonging to particular session. Consecutive packets are “known” to ASA and are switched to “Fast Path” to not utilize ASA resources. ACLs are used to restrict or to permit traffic when there is a need to have transmission initiated from lower to higher security level interface. There is only one ACL on one interface in particular direction permission.

 

ASA_ACL

 

To configure ACL to allow connection to host 172.16.1.2 use command below:

access-list outside_in extended permit ip any host 172.16.1.2
access-group outside_in in interface outside

Note: in ASA-OS versions after 8.3 when using NAT, there is a rule to pointing the real destination address, in our case 172.16.1.2 instead of mapped IP like in older versions

 

Useful verification commands:

ASA2# show run access-list
ASA2# show access-list

Author: Marcin Bialy
 
PreviousNext
Tags
active standby Adaptive Security Appliance broadcast Cisco Cisco ASA Firepower cisco EIGRP Cisco FMC Cisco FMC - installing certificate for pxGRID cisco ise cisco ise deployment config configuration containers devops docker dockerfile eigrp Enhanced Interior Gateway Routing Protocol failover lan failover link firewall high availability How to install FMC Cisco identity services engine interface ise deployment ise distributed deployment k8s kubernetes liveness probe ospf pod protocol pxGrid radius router routing security context virtual firewall VLAN
 

Newsletter