Solved

ASA 5510 Replacing Implicit Rule on Inside Interface

Posted on 2013-06-14
Last Modified: 2013-06-18
Currently we have the default implicit rule on the inside interface: any -> any less secure.  I would like to start locking down the inside interface and want to do it VLAN by VLAN on our network.

Is replacing the "any less secure" with an "any -> any IP" the same thing?  I was thinking I'd put that in first to keep the same flow, and then start slowly adding in the more restrictive rules above it.
Question by:AllDaySentry
2 Comments

Accepted Solution

by: Cyclops3590 earned 250 total points
ID: 39248529
Yes, just create an ACL and apply it to the interface.

You can start with the following, which is the rough equivalent:

access-list inside-in permit ip any any
access-group inside-in in interface inside

Author Comment

by:AllDaySentry
ID: 39249309
Thanks.

I did it through the ASDM which used:

access-list inside_access_in line 1 extended permit ip any any
access-group inside_access_in in interface inside
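
An added example, not part of the original thread: a small Python model of how the ASA orders ACL entries (appended to the end unless `line N` is given, first match wins) that flags rules which land below the `permit ip any any` catch-all and therefore never match. The two deny rules and their subnets are constructed, and only the protocol plus any/host/address-mask subset of ACE syntax is handled.

```python
import ipaddress
import re

# Subset of ASA ACE syntax: protocol plus 'any', 'host A' or 'A MASK' (no ports).
ACE = re.compile(r"access-list (\S+)(?: line (\d+))?(?: extended)? "
                 r"(permit|deny) (\S+) (.+)")

def _take_net(tokens):
    """Consume one address spec from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def build_acl(commands):
    """Apply commands in order: 'line N' inserts at position N, else append."""
    acl = []
    for cmd in (c.strip() for c in commands):
        m = ACE.fullmatch(cmd)
        if not m:
            raise ValueError(f"unsupported ACE syntax: {cmd!r}")
        _name, line, action, proto, rest = m.groups()
        tokens = rest.split()
        src, dst = _take_net(tokens), _take_net(tokens)
        if tokens:
            raise ValueError(f"ports/options not modelled: {cmd!r}")
        ace = (action, proto, src, dst, cmd)
        acl.insert(int(line) - 1 if line else len(acl), ace)
    return acl

def covers(a, b):
    """True if ACE a matches every packet that ACE b matches."""
    return a[1] in ("ip", b[1]) and b[2].subnet_of(a[2]) and b[3].subnet_of(a[3])

def shadowed(acl):
    """ACEs that never match because an earlier ACE already covers them."""
    return [b[4] for i, b in enumerate(acl) if any(covers(a, b) for a in acl[:i])]

# First command is from the thread; the two deny rules use constructed subnets.
SAMPLE = [
    "access-list inside_access_in line 1 extended permit ip any any",
    "access-list inside_access_in extended deny ip 10.20.0.0 255.255.255.0 10.99.0.0 255.255.255.0",
    "access-list inside_access_in line 1 extended deny ip 10.30.0.0 255.255.255.0 10.99.0.0 255.255.255.0",
]

if __name__ == "__main__":
    print("never matches:", shadowed(build_acl(SAMPLE)))
```

The deny entered without `line` ends up after the catch-all and is reported as dead, while the one entered with `line 1` sits above it and takes effect.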