Cisco ASA 5510 ACL question
Posted on 2010-08-23
I've set up SLA monitoring on my ASA 5510 for internet failover purposes. That's working like a charm; my question is: can I apply ACLs for outgoing traffic on my backup interface? Currently I have ACLs on my inside interface to allow certain ports outbound, i.e. access-list in_out extended permit tcp 10.1.1.0 255.255.255.0 any eq 80, etc. I basically want to filter the same type of traffic on my backup interface but only allow my users to hit a certain destination network, like this: access-list in_out_bkup extended permit tcp 10.1.1.0 255.255.255.0 220.127.116.11 255.255.255.0 eq 80.
I currently have a 46mb pipe for my primary ISP (outside interface) but only have a 7mb pipe for my backup ISP (backup interface). This is why I only want them to be able to access our critical websites and applications and prevent everything else outbound.
I've tried applying the second acl example using access-group in_out_bkup in interface backup, but that didn't work. Everyone could still hit the internet when it failed over.
Thanks in advance for your help!
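An added configuration example (not from the poster or from Cisco documentation) illustrating the direction semantics of access-group on the ASA: an ACL bound with "in" on an interface filters traffic arriving on that interface, while "out" filters traffic leaving it. The interface names, ACL name and the 10.1.1.0/24 and 220.127.116.11/24 networks are taken from the post; the second destination network and the web-server host are constructed placeholders.

```cisco
! Per-ISP egress policy, applied to traffic LEAVING the backup interface.
! Only the critical destination networks are permitted; everything else is
! dropped by the implicit deny at the end of the ACL.
access-list in_out_bkup extended permit tcp 10.1.1.0 255.255.255.0 220.127.116.11 255.255.255.0 eq 80
access-list in_out_bkup extended permit tcp 10.1.1.0 255.255.255.0 220.127.116.11 255.255.255.0 eq 443
! Constructed placeholder: a second critical application network
access-list in_out_bkup extended permit tcp 10.1.1.0 255.255.255.0 203.0.113.0 255.255.255.0 eq 443
! Explicit deny with logging so blocked flows during failover are visible in syslog
access-list in_out_bkup extended deny ip any any log
!
! "out" = evaluated for packets exiting the backup interface toward the ISP.
! Binding the same ACL with "in" would instead filter packets arriving FROM
! the backup ISP, which does not restrict users' outbound browsing.
access-group in_out_bkup out interface backup
!
! The existing inside-interface policy stays in place and is evaluated first,
! regardless of which ISP the route lookup later selects.
access-group in_out in interface inside
```

To confirm the binding is matching traffic after a failover, check the per-ACE hit counters with show access-list in_out_bkup; an ACE whose hitcnt stays at zero while users still browse indicates the ACL is bound in the wrong direction or on the wrong interface.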