Shark Attack
asked on
access outside on ASA
using asa 5516 9.5
I want to block one host (for ex. 192.168.1.100) so that is unable to get outside at all including the obvious 80 and 441. Will I still have access to it internally? I just want to make sure I'll have all access for inside to it. the below does not have the "eq www" which only blocks internet.
If I do :
SERVER_BLOCK = 192.168.1.100
Will I be OK?
I want to block one host (for ex. 192.168.1.100) so that is unable to get outside at all including the obvious 80 and 441. Will I still have access to it internally? I just want to make sure I'll have all access for inside to it. the below does not have the "eq www" which only blocks internet.
If I do :
access-list inside_in extended deny tcp object-group SERVER_BLOCK any4
SERVER_BLOCK = 192.168.1.100
Will I be OK?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Once you put an ACL on an interface it has an implicit deny any any rule attached, so you will need to allow the traffic you want out before the end of the ACL.
ASKER
Thank you!
ASKER