Cisco ASA information needed

Posted on 2014-01-26
Last Modified: 2014-02-04
How can you permit traffic to a specific host on another interface if you have configured deny all traffic from one interface to another, meaning between two /24 networks?

Is it necessary to set up an exception rule between the two interfaces?
Question by:renegadecy
LVL 51

Expert Comment

by:Netman66
ID: 39810179
I would think a permit rule for that requirement could be created and placed immediately above the deny.

Author Comment

by:renegadecy
ID: 39810313
Have done that and it doesn't work...
LVL 51

Expert Comment

by:Netman66
ID: 39810364
If you remove the deny and only have that rule, does it work?

Author Comment

by:renegadecy
ID: 39810530
Due to security policy I cannot remove the deny.
LVL 51

Expert Comment

by:Netman66
ID: 39810747
It's implicitly denied.
LVL 8

Accepted Solution

by:
amatson78 earned 1500 total points
ID: 39810791
What level is the allow, meaning on the ACL is it higher than any of the denies? What do the logs show on the ASA when you create the rule and test it? It should give a reason it was denied. Also, are there routes/NATs set up for the two subnets to talk?
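
The checks raised in this thread, written out as ASA CLI: placing the host permit above the deny, then confirming which entry a test flow hits and whether routing or NAT is dropping it instead. This is an added example, not part of the original posts; the ACL name INSIDE_IN, the interface name inside, the subnets, the host address and the test ports are all assumptions.

```cisco
! Constructed example. Assumed: ACL INSIDE_IN applied inbound on interface
! "inside", source subnet 192.168.10.0/24, destination subnet 192.168.20.0/24,
! permitted host 192.168.20.50.

! Before: the ASA evaluates entries top-down and stops at the first match,
! so the deny on line 1 matches and the permit on line 2 is never reached.
access-list INSIDE_IN extended deny ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list INSIDE_IN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.20.50

! After: remove the misplaced permit and re-insert it at line 1, above the
! deny. The subnet-wide deny stays in place for every other host.
no access-list INSIDE_IN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.20.50
access-list INSIDE_IN line 1 extended permit ip 192.168.10.0 255.255.255.0 host 192.168.20.50

! The ACL only takes effect on the interface it is bound to.
access-group INSIDE_IN in interface inside

! Check 1: entry order and hit counters. After a test connection, hitcnt
! should increase on the permit line, not on the deny line.
show access-list INSIDE_IN

! Check 2: simulate the flow. The output lists each phase (ROUTE-LOOKUP,
! ACCESS-LIST, NAT, ...) and names the phase that drops the packet, which
! separates an ACL ordering problem from a missing route or NAT rule.
packet-tracer input inside tcp 192.168.10.25 12345 192.168.20.50 443 detailed

! Check 3: routing and NAT for the two subnets, and the deny messages the
! ASA logged (ACL denies appear as syslog message 106023, which names the
! access-group that dropped the flow).
show route
show nat
show logging | include 106023
```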