Channel: IEOC - INE's Online Community

Using Global ACLs

Section5: Perimeter Security and Services - ASA Firewalls
ASA Basic Access-Lists
 

ASA2:

access-list GLOBAL remark *** PERMIT TASK TRAFFIC ***
access-list GLOBAL extended permit icmp host 150.1.22.22 any echo
access-list GLOBAL extended permit tcp any host 172.16.10.100 eq 80
access-list GLOBAL extended permit tcp any host 172.16.10.100 eq 3389
access-list GLOBAL extended permit udp any host 172.16.10.100 eq 514

access-list GLOBAL remark *** PERMIT RESTRICTED TRAFFIC DUE TO USING GLOBAL ACL ***
access-list GLOBAL permit ip 172.16.10.0 255.255.255.0 136.1.29.0 255.255.255.0
access-list GLOBAL permit ip 172.16.10.0 255.255.255.0 host 150.1.22.22
access-list GLOBAL permit ip 136.1.19.0 255.255.255.0 any
access-list GLOBAL permit ip 136.1.27.0 255.255.255.0 any
access-list GLOBAL permit ip host 150.1.11.11 any
!
access-group GLOBAL global

 

Why do we need to permit restricted traffic due to using a global ACL? As per the task, we have permitted inbound traffic. Since inbound traffic is checked first against the interface ACL and then against the global ACL, shouldn't these permit statements be present in the interface ACL instead of being in the global ACL?

