ASA 5510 - Question about ACL configuration
Posted on 2009-04-02
I have an ASA 5510 and would like to fine-tune the ACLs on the device.
The interfaces and security levels are as follows:
Outside / 0
Inside / 100
Production / 100
I have allowed same level security traffic flow on the device and want to restrict most traffic between the two internal networks.
For instance, I currently have this statement on the inside interface:
access-list 102 line 18 extended permit tcp any any eq www
I just want that ACL to allow HTTP traffic to the outside interface (internet). However, when I change the destination from ANY to the outside interface, or the outside network, web traffic is blocked.
Is this possible, or do I need to specify a deny statement before that example ACL that would block HTTP traffic to the Production network?
Or, to put the question differently: what is the proper way to configure the destination for external networks without using the any statement in the ACL?
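
The three variants raised in the question, evaluated with a small first-match ACL model. This is an added example, not part of the original post and not ASA code: the parser covers only the entry shapes shown, and every address (192.168.1.0/24 inside, 192.168.2.0/24 Production, 203.0.113.1 as the outside interface, 198.51.100.7 as an internet web server) is a constructed assumption.

```python
import ipaddress

PORTS = {"www": 80, "https": 443}  # ASA port keywords used in this example

def parse_addr(tok):
    """Pop one ASA address spec (any | host IP | IP MASK) off the token list."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tok.pop(0)}")

def parse_ace(line):
    """Parse 'access-list ID [line N] extended ACTION PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    tok = tok[tok.index("extended") + 1:]
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)
    port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, src, dst, dport, proto="tcp"):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, snet, dnet, port = parse_ace(line)
        if p == proto and s in snet and d in dnet and port in (None, dport):
            return action
    return "deny"

# Constructed addresses (assumptions, not from the post)
INSIDE_HOST, PROD_HOST = "192.168.1.10", "192.168.2.20"
INTERNET_HOST = "198.51.100.7"
ACL_ANY = ["access-list 102 line 18 extended permit tcp any any eq www"]
ACL_IFACE = ["access-list 102 extended permit tcp any host 203.0.113.1 eq www"]
ACL_DENY_FIRST = [
    "access-list 102 extended deny tcp any 192.168.2.0 255.255.255.0 eq www",
    "access-list 102 extended permit tcp any any eq www",
]

if __name__ == "__main__":
    for name, acl in [("any", ACL_ANY), ("iface", ACL_IFACE), ("deny-first", ACL_DENY_FIRST)]:
        print(name, "internet:", evaluate(acl, INSIDE_HOST, INTERNET_HOST, 80),
              "production:", evaluate(acl, INSIDE_HOST, PROD_HOST, 80))
```

The destination field is compared with the packet's destination address, so an entry that names only the outside interface's own address never matches a web server on the internet, while the deny entry placed ahead of the permit stops HTTP to Production before the broader entry is reached.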