jimmycher
asked on
ASA Null route?
I would like to force all traffic that I don't specifically want into the bit bucket. I understand that's what ACEs do, but I'd like it on the route statement as well. Routers can do this easily, but I can't find anything for the ASA.
If I'm understanding your question correctly, you can put an ACL on each interface specifying exactly what you want to let through, and everything else will be denied by default. If you want, you can put an explicit "deny any any" rule at the bottom, although you really don't need to. If you want to log what's being denied, then do "deny any any log". Make sure you apply the ACLs on each interface with the access-group command. Just be aware that's going to change the default behavior of permitting traffic from a more trusted interface if it's going out a less trusted interface; if you put an ACL on the inside interface, you will have to explicitly allow everything you want to go out.
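An added illustration of the ACL approach described in the answer above (not part of the original post). The ACL names, the interface names `outside` and `inside`, and all addresses and ports are constructed for the example.

```cisco
! Constructed example: names, addresses and ports are assumptions.
!
! Outside interface: permit only the one published service, then log
! everything else that is dropped. The final deny is implicit anyway;
! writing it out with "log" is what produces the deny records.
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
!
! Inside interface: once an ACL is bound here, the default
! "higher security level may go to lower" permit no longer applies,
! so every outbound flow that is wanted must be listed explicitly.
access-list INSIDE_IN extended permit udp 192.168.1.0 255.255.255.0 any eq 53
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list INSIDE_IN extended deny ip any any log
!
! An ACL does nothing until it is bound to an interface.
access-group OUTSIDE_IN in interface outside
access-group INSIDE_IN in interface inside
```

After applying it, `show access-list` displays per-entry hit counts, which shows how much traffic is landing on each logged deny.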
ASKER
Thanks, but I'm looking for a routing command.
Something like ip route 192.168.0.0 255.255.0.0 Null0
I know it works on a router, but does it work on an ASA?
Regards,
ASKER CERTIFIED SOLUTION
ASKER
Many thanks!