LIBBB
asked on
How to figure out what ACL rules to add to wide open ASA
At the moment there are some new Cisco ASAs in a network that at the end of every ACL have a permit "any any", so nothing gets blocked.
I am now tasked with locking it down. Is there a way I can see what connections have been used, to what IP, port, etc so I can create rules off those?
This is a production network, so I can't just lock it down, then try to figure out what to open back up.
You can use ASDM with logging enabled to see connections in real time
Do you only need to lock down outside-in connections? Or do they also want you to limit outgoing traffic?
ASKER
Lock down outside-in connections.
ASKER
Well I guess I'm going to have to keep the real-time connection log going for a while, and just note the connections throughout the day.
It's a pretty big network. The sources could be coming from many different /24s, to many different services/ports.
Just surprised there's not a better way to do it.
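The thread suggests watching connections in real time and noting them by hand. A less error-prone way to do the same thing is to send the ASA's connection logs to a syslog collector and summarize them. The script below is an added example, not code from the thread or from Cisco: it parses the `%ASA-6-302013` (TCP) and `%ASA-6-302015` (UDP) "Built inbound ... connection" messages, rolls source addresses up to /24 (since the asker says sources span many /24s), counts hits per destination IP and port, and emits candidate `access-list` lines in ASA syntax. The log lines embedded in it are constructed samples; the regex assumes IPv4 addresses and the standard message format, and the ACL name `outside_in` is a placeholder.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample syslog lines (not from the thread). The format follows the
# ASA %ASA-6-302013 (TCP) and %ASA-6-302015 (UDP) "Built ... connection" messages.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 8001 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:10.0.0.10/443 (10.0.0.10/443)
%ASA-6-302013: Built inbound TCP connection 8002 for outside:203.0.113.77/52000 (203.0.113.77/52000) to inside:10.0.0.10/443 (10.0.0.10/443)
%ASA-6-302015: Built inbound UDP connection 8003 for outside:198.51.100.9/40000 (198.51.100.9/40000) to inside:10.0.0.20/53 (10.0.0.20/53)
%ASA-6-302013: Built outbound TCP connection 8004 for inside:10.0.0.30/44444 (10.0.0.30/44444) to outside:192.0.2.1/80 (192.0.2.1/80)
%ASA-6-302013: Built inbound TCP connection 8005 for outside:203.0.113.9/51300 (203.0.113.9/51300) to inside:10.0.0.10/443 (10.0.0.10/443)
"""

# Matches the "Built {inbound|outbound} {TCP|UDP} connection" message body.
# Assumes IPv4; a syslog timestamp/hostname prefix before "%ASA" is tolerated
# because re.search is used rather than re.match.
BUILT_RE = re.compile(
    r"%ASA-\d-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"\([\d.]+/\d+\) to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"\([\d.]+/\d+\)"
)


def summarize_inbound(log_text, prefix_len=24):
    """Count inbound built connections keyed by (source network, dest IP, proto, dest port).

    Sources are aggregated to prefix_len (default /24). Outbound connections are
    skipped because the asker only needs to lock down outside-in traffic.
    """
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if not m or m["dir"] != "inbound":
            continue
        src_net = ip_network(f"{m['src']}/{prefix_len}", strict=False)
        key = (str(src_net), m["dst"], m["proto"].lower(), int(m["dport"]))
        counts[key] += 1
    return dict(counts)


def suggest_acl(counts, acl_name="outside_in"):
    """Turn the summary into candidate ASA ACEs, one remark + permit per flow,
    ordered by destination so related entries sit together, followed by an
    explicit logged deny so anything the capture window missed shows up in syslog."""
    lines = []
    ordered = sorted(counts.items(), key=lambda kv: (kv[0][1], kv[0][2], kv[0][3], kv[0][0]))
    for (src_net, dst, proto, dport), n in ordered:
        net = ip_network(src_net)
        lines.append(f"access-list {acl_name} remark {n} observed connection(s) during review window")
        lines.append(
            f"access-list {acl_name} extended permit {proto} "
            f"{net.network_address} {net.netmask} host {dst} eq {dport}"
        )
    lines.append(f"access-list {acl_name} extended deny ip any any log")
    return lines


if __name__ == "__main__":
    summary = summarize_inbound(SAMPLE_LOG)
    for key, n in sorted(summary.items()):
        print(n, key)
    print("\n".join(suggest_acl(summary)))
```

Feeding the ASA's logs to a collector needs `logging enable`, `logging trap informational` (the 302013/302015 messages are severity 6) and a `logging host` entry on the ASA. Two practical caveats: a single day's capture misses weekly or month-end jobs, so run the collection across at least one full business cycle before trusting the list; and rather than removing the existing permit any any immediately, the generated permits can be placed above it and the `show access-list` hit counters compared with the hits still landing on the permit any any line, which shows what the capture missed before the final deny goes in.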