Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco ASA Question

Posted on 2014-01-22
8
Medium Priority
?
650 Views
Last Modified: 2014-02-24
I  wanted to ask  you the following:

How can  you permit traffic to specific host  on another interface  if you have configured deny all traffic from one  interface to another   meaning between two  network /24 .

What is the exmpet rule? Is it necessary to setup  between two Site to site vp's?

Does anyone share  with me ebbok on Cisco ASA   preferable  ASDM

Thank you
My ASA  is 5512x
0
Comment
Question by:renegadecy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 9

Expert Comment

by:ffleisma
ID: 39800238
cisco has most documentations relating to ASA configurations guides, both for CLI and ASDM depending on the software version.

as example you can use the following ASA ASDM configuration guide from cisco

http://www.cisco.com/en/US/docs/security/asa/asa91/asdm71/firewall/asdm_71_firewall.pdf

you can search for other version configuration guides by searching for "ASA ASDM configuration Guide"

by default there is an implicit deny on end of each interface access rule, but in case you placed a deny statement, you can place a rule on top of that deny statement  to allow a specific IP before denying anything else.

ACL
shown in the figure, you can add ACL after and highlighted ACL, or you can move the created ACL up and down via the arrow keys pointed here. just make sure your permit statement is ahead of the deny statement
0
 

Author Comment

by:renegadecy
ID: 39803658
I have done  it I believe and it doenst   work.,....

How can I enable traffic  from an another  internface  to  outside  does  it need   NAt rule or Access rule


thank you
0
 

Author Comment

by:renegadecy
ID: 39803671
I have ASA 9.0  ASDM 7
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 9

Expert Comment

by:ffleisma
ID: 39805124
It actually needs both

1. NAT rule - purpose of this  is that from an inside interface (having internal private IP) it needs to be NATed (hidden) to an external public IP which is routable within the internet. In this case the outside interface has the public IP address and internal traffic going to the internet gets NATed to the outside interface IP.
2. ACL rule - this is needed for the firewall to identify which traffic is allowed/denied INCOMING (usually) to the interface where it is applied to.
3. default route - if you have not done so, you'll need to specify a default route pointing to your internet router

those are the three basic things you need.

now consider the following example below:
basic FWadd permissive ACL
ACLpermitthe permit rule is on top of the deny rule

add NAT
NAT
for source 192.168.1.8, destination 122.2.152.217
NAT the source IP to the outside interface IP, while keeping the destination the same(122.2.152.217)

let me know if this clarifies things more.

hope this helps!
0
 

Author Comment

by:renegadecy
ID: 39805800
Thank very helpfull  information...Will do and let u know....what  shall I do to permit Traffic  from one  interface to another? Shall I need  both?
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 2000 total points
ID: 39811097
most basic requirement for traffic passing trough the firewall are the following

1. permissive ACL
2. NAT (identity NAT, dynamic NAT, static NAT etc.)
3. route

There are many kinds of NATing that can be done on traffic passing through the firewall.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question