ASA and deployment
datchcha
Forum,
I am having a brain fart trying to figure out this model. I know it is super easy, but I am missing something.
ISP>--<38.74.12.1|Router|192.168.1.1>--<192.168.1.2|ASA5505|10.0.0.1 >--<network>
I want to block access to an external IP address, but where would be the best place to put my access list? I was thinking that I would apply my access-list on the ASA5505, but wouldn't the 192.168.1.0 network only be seen because I cannot place a static route on the ASA? If I am thinking right, then this would not be the best place, and I would have to place the access-list on the router. Example:
access-list 101 deny ip 208.x.x.x 0.0.0.0 0.0.0.0 0.0.0.0
access-list 102 permit ip any any
Apply these to the outside interface with the 'in' switch? I would also have to have a similar ACL on the inside interface, correct? ACLs were not one of my stronger points on the test.
Comments
Netstudent
I would apply it on the ASA's inside interface. This way it gets denied before it ever gets out. This way you don't waste bandwidth and processing resources on something that's going to get denied on the return.
You can have static routes, and dynamic ones for that matter, in an ASA. Think about it: if the ASA didn't have a static default route pointing to the internet, how would it route anything outbound?
dtlokee
Unless you are NATing the destination address, you can apply the ACL to the ASA inside interface and use the destination address to determine what will be allowed or denied.
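The approach both replies describe, written out as an added example that is not part of the original thread: an ASA configuration that drops traffic to one external host as it enters the inside interface. The ACL name INSIDE_IN, the blocked address 203.0.113.10 (a documentation-range placeholder for the poster's elided 208.x.x.x address) and the test host 10.0.0.50 are assumptions; the next hop 192.168.1.1 is the router address from the poster's diagram.

```cisco
! Static default route toward the upstream router (192.168.1.1 in the diagram).
route outside 0.0.0.0 0.0.0.0 192.168.1.1

! Match on the DESTINATION: traffic from the inside network going to the
! blocked external host. 203.0.113.10 is a placeholder address.
access-list INSIDE_IN extended deny ip any host 203.0.113.10

! An ACL ends with an implicit "deny ip any any", so everything else must be
! permitted explicitly, in the SAME access list as the deny entry.
access-list INSIDE_IN extended permit ip any any

! Bind the list inbound on the inside interface, so packets are dropped
! as they enter the ASA from the LAN, before they reach the outside link.
access-group INSIDE_IN in interface inside

! Verification: hit counters per entry, then a simulated packet from a
! constructed inside host (10.0.0.50) to the blocked address.
show access-list INSIDE_IN
packet-tracer input inside tcp 10.0.0.50 12345 203.0.113.10 80
```

ASA access lists take the `host` keyword or a subnet mask for addresses, not the wildcard masks used in IOS router ACLs.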