ACL at router or ASA

e24ohm Member Posts: 151
Going over some access list items, specifically sequence numbers in IP access lists; however, is it better to build ACLs on the router that faces your ISP, or stick to the ASA? I am creating simple lists to block domains... nothing fancy.

Thank you


  • redwarrior Member Posts: 285
    If you already have an ASA, I'd stick your ACLs there... they have some nice features for troubleshooting exactly what is blocking your traffic, etc. I wouldn't buy an ASA just to put an ACL on it, though. If all you need is a very simple ACL to block some things, then I'd put it on what you already have. :)

    CCNP Progress


    BSCI - In Progress <--My Cisco Blog
  • Daniel333 Member Posts: 2,077
    Assuming I am understanding, it's not so much that it "needs" to be on an ASA or "needs" to be on a router. Generally you just want to block the traffic as soon as possible. Kinda like, why let anything on your network you don't need to?
  • e24ohm Member Posts: 151
  • apd123 Member Posts: 171
    As with everything in networking, the answer is it depends. If you are NATing on the ASA then you will pretty much have to configure your internal ACLs there. Also keep in mind the ASA has more advanced firewall capability and a more scalable way of building large complex ACL policies.