Dears,
I was checking the solution of the task "ASA basic access-list" and I was confused about the following:
When we apply a global ACL on the ASA and there are no ACLs applied on interfaces, the security-level rules no longer apply and all inbound traffic from all interfaces is subject to the global ACL. In this case, if we only permit traffic from any interface to another, it will pass through the ASA. In the solution, we added the "PERMIT TASK TRAFFIC" part in the global ACL, which solves the task. My question is: why did we add the part "PERMIT RESTRICTED TRAFFIC DUE TO USING GLOBAL ACL"? I tested everything without it and it is working fine.
access-list GLOBAL remark *** PERMIT TASK TRAFFIC ***
access-list GLOBAL extended permit icmp host 150.1.22.22 any echo
access-list GLOBAL extended permit tcp any host 172.16.10.100 eq 80
access-list GLOBAL extended permit tcp any host 172.16.10.100 eq 3389
access-list GLOBAL extended permit udp any host 172.16.10.100 eq 514
access-list GLOBAL remark *** PERMIT RESTRICTED TRAFFIC DUE TO USING GLOBAL ACL ***
access-list GLOBAL permit ip 172.16.10.0 255.255.255.0 136.1.29.0 255.255.255.0
access-list GLOBAL permit ip 172.16.10.0 255.255.255.0 host 150.1.22.22
access-list GLOBAL permit ip 136.1.19.0 255.255.255.0 any
access-list GLOBAL permit ip 136.1.27.0 255.255.255.0 any
access-list GLOBAL permit ip host 150.1.11.11 any
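The following is an added worked example, not part of the post or of the task solution: a small Python model of the ASA inbound decision the post describes (interface ACL first, then the global ACL, then the implicit deny; the security-level implicit permit only applies when no ACL applies at all). The ACL entries are the ones from the post; the interface names, security levels and the placement of each subnet behind an interface are assumptions made for illustration, since the post does not state them. ICMP type (the `echo` keyword) and NAT are not modelled. Running it shows what the "PERMIT RESTRICTED TRAFFIC" section does: once the global ACL exists, traffic from the high-security side that is not covered by the task entries is no longer implicitly permitted and falls to the implicit deny.

```python
"""Model of ASA inbound ACL processing with interface ACLs, a global ACL and
security levels. Illustrative code only (not Cisco or task-solution code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed topology (not given in the post): subnets behind each interface and
# the interface security levels. Anything unmatched is routed to "outside".
ROUTES = {
    "inside": ["136.1.19.0/24", "136.1.27.0/24", "150.1.11.11/32"],
    "dmz": ["172.16.10.0/24"],
    "outside": ["136.1.29.0/24", "150.1.22.22/32"],
}
SECURITY_LEVEL = {"inside": 100, "dmz": 50, "outside": 0}

# ACL entries as (action, protocol, source, destination, destination port).
# "ip" matches any protocol, "0.0.0.0/0" is "any", None means any port.
TASK_TRAFFIC = [
    ("permit", "icmp", "150.1.22.22/32", "0.0.0.0/0", None),
    ("permit", "tcp", "0.0.0.0/0", "172.16.10.100/32", 80),
    ("permit", "tcp", "0.0.0.0/0", "172.16.10.100/32", 3389),
    ("permit", "udp", "0.0.0.0/0", "172.16.10.100/32", 514),
]
RESTRICTED_TRAFFIC = [
    ("permit", "ip", "172.16.10.0/24", "136.1.29.0/24", None),
    ("permit", "ip", "172.16.10.0/24", "150.1.22.22/32", None),
    ("permit", "ip", "136.1.19.0/24", "0.0.0.0/0", None),
    ("permit", "ip", "136.1.27.0/24", "0.0.0.0/0", None),
    ("permit", "ip", "150.1.11.11/32", "0.0.0.0/0", None),
]
GLOBAL_ACL = TASK_TRAFFIC + RESTRICTED_TRAFFIC


@dataclass
class Packet:
    ingress: str          # interface the packet arrives on
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


def egress_interface(dst: str) -> str:
    """Longest-prefix lookup in the assumed route table."""
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(n), iface)
                  for iface, nets in ROUTES.items() for n in nets]
    for net, iface in sorted(candidates, key=lambda c: c[0].prefixlen, reverse=True):
        if addr in net:
            return iface
    return "outside"  # assumed default route


def entry_matches(entry, pkt: Packet) -> bool:
    _action, proto, src, dst, dport = entry
    if proto != "ip" and proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(dst):
        return False
    return dport is None or dport == pkt.dport


def first_match(acl, pkt: Packet) -> Optional[str]:
    """Return the action of the first matching entry, or None if none match."""
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry[0]
    return None


def asa_decision(pkt: Packet, interface_acls: dict, global_acl) -> str:
    """Permit/deny for an inbound packet, in the ASA's documented order."""
    in_acl = interface_acls.get(pkt.ingress)
    if in_acl is not None:                       # 1. inbound interface ACL
        verdict = first_match(in_acl, pkt)
        if verdict:
            return verdict
    if global_acl is not None:                   # 2. global ACL
        verdict = first_match(global_acl, pkt)
        if verdict:
            return verdict
    if in_acl is not None or global_acl is not None:
        return "deny"                            # 3. implicit deny
    # No ACL applies at all: fall back to the security-level rule.
    higher = SECURITY_LEVEL[pkt.ingress] > SECURITY_LEVEL[egress_interface(pkt.dst)]
    return "permit" if higher else "deny"


if __name__ == "__main__":
    # Constructed packet: an inside host browsing to an outside web server.
    web = Packet("inside", "tcp", "136.1.19.10", "136.1.29.5", 443)
    print("no ACLs            :", asa_decision(web, {}, None))           # permit
    print("task entries only  :", asa_decision(web, {}, TASK_TRAFFIC))   # deny
    print("task + restricted  :", asa_decision(web, {}, GLOBAL_ACL))     # permit
```

The three printed lines are the whole point: with no ACL the inside-to-outside flow is permitted by security level alone; with a global ACL made only of the task entries the same flow hits the implicit deny; the restricted-traffic entries restore it explicitly. The model also shows the fall-through from an interface ACL to the global ACL, which is why an interface ACL on one interface does not shield the others from the global implicit deny.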