ASA

Access lists (ASA software version 9.0(1)). Older versions use a different configuration syntax.
1. A sequential list of permit and deny conditions.
2. Identifies the traffic flows.
3. ACLs are applied on an interface.

Always order entries from most specific to most general: the first matching line wins, so a broad permit placed above a narrower deny means the deny is never reached.
Create the access list:

    access-list per1 permit tcp 10.1.0.0 255.255.255.0 any eq www
    access-list per1 permit tcp 10.1.0.0 255.255.255.0 any eq 443
Display it:

    show access-list

    access-list per1; 2 elements
    access-list per1 line 1 extended permit tcp 10.1.0.0 255.255.255.0 any eq 443
    access-list per1 line 2 extended permit tcp 10.1.0.0 255.255.255.0 any eq www
Add a new access statement at a specific position (the entry currently at that line and everything below it shift down):

    access-list per1 line 2 deny tcp host 10.1.0.2 any eq https
    show access-list per1

    access-list per1; 3 elements
    access-list per1 line 1 extended permit tcp 10.1.0.0 255.255.255.0 any eq 443
    access-list per1 line 2 extended deny tcp host 10.1.0.2 any eq https
    access-list per1 line 3 extended permit tcp 10.1.0.0 255.255.255.0 any eq www
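As an added example that is not part of the original post, the following Python script parses show access-list lines like the ones above and reports entries that an earlier, broader entry already covers. Run over the three-element per1 list, it flags the line 2 deny for host 10.1.0.2 as shadowed by the line 1 permit for 10.1.0.0/24 on port 443, so that deny never takes effect; the service-name table and the accepted line format are assumptions of the script.

```python
import ipaddress
import re
# Constructed sample: the three-element per1 list as "show access-list per1" shows it
# after the "line 2" insert above (hit counts and hashes omitted).
SAMPLE_ACL = """\
access-list per1 line 1 extended permit tcp 10.1.0.0 255.255.255.0 any eq 443
access-list per1 line 2 extended deny tcp host 10.1.0.2 any eq https
access-list per1 line 3 extended permit tcp 10.1.0.0 255.255.255.0 any eq www
"""
PORT_NAMES = {"www": 80, "https": 443}  # assumption: only the names this page uses
ACE_RE = re.compile(
    r"access-list (?P<name>\S+) line (?P<line>\d+) extended (?P<action>permit|deny) "
    r"(?P<proto>\S+) (?P<src>any|host \S+|\S+ \S+) (?P<dst>any|host \S+|\S+ \S+)"
    r"(?: eq (?P<port>\S+))?$"
)

def to_network(field):
    """Convert an ASA address field (any / host A / A MASK) to an IPv4Network."""
    if field == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if field.startswith("host "):
        return ipaddress.ip_network(field.split()[1] + "/32")
    addr, mask = field.split()
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_aces(text):
    """Parse extended ACEs from show access-list output into dicts, in line order."""
    aces = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # summary line, or a form this parser does not handle
        port = m["port"]
        aces.append({"line": int(m["line"]), "action": m["action"], "proto": m["proto"],
                     "src": to_network(m["src"]), "dst": to_network(m["dst"]),
                     "port": (PORT_NAMES.get(port) or int(port)) if port else None})
    return aces

def shadowed(aces):
    """Return (line, covered_by_line) pairs for ACEs that an earlier ACE fully covers,
    i.e. entries that can never match regardless of their action."""
    hits = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            if (earlier["proto"] == later["proto"]
                    and earlier["port"] in (None, later["port"])
                    and later["src"].subnet_of(earlier["src"])
                    and later["dst"].subnet_of(earlier["dst"])):
                hits.append((later["line"], earlier["line"]))
                break  # report the first covering line only
    return hits
```

Moving the deny above the line 1 permit (or narrowing the permit) clears the report; the check only compares protocol, port and address containment, so mixed protocols or port ranges are not analysed.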
Remove an access list entry by repeating it with "no":

    no access-list per1 line 2 deny tcp host 10.1.0.2 any eq https
Rename an access list:

    access-list per1 rename IND_LAN
Object group in an access list. Define the group once and reference it from the ACL instead of repeating the addresses on every line:

    object-group network accounts
     description accounts
     network-object host 10.0.0.2
     network-object 10.0.0.0 255.255.255.0
    exit

    access-list per2 permit tcp object-group accounts any eq www
    access-list per2 permit tcp object-group accounts any eq 443
Apply the ACL to an interface (here inbound on the outside interface):

    access-group per2 in interface outside
ICMP permit ACL (allows the reply and error messages inside hosts need back, without permitting inbound echo requests):

    access-list per1 permit icmp any any echo-reply
    access-list per1 permit icmp any any source-quench
    access-list per1 permit icmp any any unreachable
    access-list per1 permit icmp any any time-exceeded
Static NAT in ASA

- Create a network object.
- Identify the internal host.
- Create the static NAT statement.
- Build an ACL.
- Apply the ACL to the outside interface.

The nat command is configured under "object network" (not "object-group network"). On this software version the ACL references the real inside address, 192.168.102.5, not the translated outside address:

    object network outside_2_inside_web_server
     host 192.168.102.5
     nat (inside,outside) static interface service tcp 80 80

    access-list outside2webserver permit tcp any host 192.168.102.5 eq www
    access-group outside2webserver in interface outside