ASA 5510 Replacing Implicit Rule on Inside Interface

Currently we have the default implicit rule on the inside interface: any -> any less secure.  I would like to start locking down the inside interface and want to do it VLAN by VLAN on our network.

Is replacing the "any less secure" with an "any -> any IP" the same thing? I was thinking I would put that in first to keep the same flow, and then start slowly adding in the more restrictive rules above it.

Asked by: AllDaySentry

Cyclops3590 commented:
Yes, just create an ACL and apply it to the interface.

You can start with the following, which is the rough equivalent:

access-list inside-in permit ip any any
access-group inside-in in interface inside

AllDaySentry (author) commented:
Thanks.

I did it through the ASDM, which used:

access-list inside_access_in line 1 extended permit ip any any
access-group inside_access_in in interface inside
Question has a verified solution.
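
The staged lockdown discussed in this thread, sketched as an added example (not from either poster): the catch-all stays as the last entry while rules for one VLAN are inserted above it by line number. The 10.10.20.0/24 VLAN subnet, the 10.10.1.10 DNS server and the permitted ports are constructed placeholders, not values from the thread.

```cisco
! Constructed example: subnet, server address and ports are placeholders.

! Step 1: explicit catch-all, as in the thread. Once an ACL is bound to the
! interface it ends with an implicit deny, so this entry has to stay last
! until every VLAN has its own rules.
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside

! Step 2: insert the rules for one VLAN above the catch-all. "line N" places
! the entry at position N and pushes the existing entries down. The ASA acts
! on the first entry that matches, so these win over the catch-all.
access-list inside_access_in line 1 extended permit udp 10.10.20.0 255.255.255.0 host 10.10.1.10 eq domain
access-list inside_access_in line 2 extended permit tcp 10.10.20.0 255.255.255.0 any eq https
! Temporary entry: still permits everything else from this VLAN, but logs it,
! so you can see which flows the two rules above do not cover.
access-list inside_access_in line 3 extended permit ip 10.10.20.0 255.255.255.0 any log

! Step 3: watch the per-entry hit counters (hitcnt=) and the logged flows.
! Add specific permits for anything legitimate that still lands on line 3.
show access-list inside_access_in

! Step 4: when nothing you need is matching line 3 any more, put a deny in
! its place and remove the temporary permit. Traffic from other VLANs keeps
! falling through to the catch-all at the bottom.
access-list inside_access_in line 3 extended deny ip 10.10.20.0 255.255.255.0 any log
no access-list inside_access_in extended permit ip 10.10.20.0 255.255.255.0 any log
```

Repeat steps 2 to 4 for each VLAN; the final permit ip any any can be removed once its hit counter stops increasing.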
