We have an ASA 5200 which we may be using to provide firewall services for more than one client. With that in mind I went to great lengths and some pain to configure it using the minimum number of interfaces necessary for the existing client using subinterfaces of a single interface.
Behind the subinterfaces for this client we plan to have Exchange, web, Citrix and sundry other applications which will need access to the internet. I've fiddled with the static (int, int) command and have it functioning for the subinterfaces.
I then began to fiddle with configuring the ACL. Ideally I'd like to permit pretty much everything in through the outside interface, then allow or block traffic at the subinterface level. I created two separate ACLs, one called Global_ACL and the other called AWF_ACL. The Global_ACL had a permit ip any any statement in it and the AWF_ACL had the more granular permit statements.
I then applied the Global_ACL to the outside interface and the AWF_ACL to the subinterface which I needed traffic to pass on. I tested my connection using RDP remapped to a different port and was able to connect to the server behind the ASA.
I looked at the access-lists and saw hits on the Global_ACL but none on the AWF_ACL. Curious to see if the AWF_ACL was being parsed I then removed it from the subinterface and found that I could still connect via RDP.
My question is this: how can I configure the ASA so that I am allowing everything into the outside interface but only the port traffic I want into each subinterface?
I can post the relevant portion of the config if needed.
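An added configuration example, not from the original post, that illustrates why an ACL applied to the subinterface showed no hits and how to apply it so that it does filter the traffic heading toward the servers. On the ASA, an access-group applied with the in keyword filters packets entering the firewall on that interface, and one applied with the out keyword filters packets leaving the firewall through that interface. Interface names, the VLAN ID, the addresses and the remapped RDP port below are all assumptions.

```cisco
! Subinterface for one client (interface, VLAN and addressing are assumed).
interface GigabitEthernet0/1.10
 vlan 10
 nameif awf_inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0

! Outside interface: permit everything in, as described in the question.
access-list Global_ACL extended permit ip any any
access-group Global_ACL in interface outside

! Per-client ACL. Server address and remapped RDP port are assumed.
access-list AWF_ACL extended permit tcp any host 10.10.10.20 eq 33890
access-list AWF_ACL extended permit tcp any host 10.10.10.20 eq 443
access-list AWF_ACL extended deny ip any any log

! Applied "in" on the subinterface, the ACL only sees traffic that the
! servers behind awf_inside send out. An RDP session coming from the
! Internet enters on outside, is matched by Global_ACL, and never touches
! this ACL, which is why its hit counters stayed at zero:
!   access-group AWF_ACL in interface awf_inside

! Applied "out" on the subinterface, the ACL is evaluated on traffic leaving
! the ASA toward the servers, after the static translation has been undone,
! so it matches the server's real inside address.
access-group AWF_ACL out interface awf_inside

! Hit counters on AWF_ACL should now increment for inbound tests.
show access-list AWF_ACL
```

The same effect can be achieved by making the outside ACL itself granular, but an out ACL per subinterface keeps each client's rules with that client's interface, which is the separation the question is after.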