Implementing Access-list through Cisco ASA firewalls

An access control list (ACL) is an ordered list of rules that permits or denies users and hosts access to shared network resources, usually implemented as a comprehensive set of pre-defined rules agreed with the organization. Along with explicitly permitting or denying traffic, conditions can be applied to the traffic based on criteria such as protocol, source and destination IP address, and source and destination port numbers.

Cisco ASA uses inbound and outbound ACLs:

  • Inbound: inbound access lists apply to traffic as it enters an interface.
  • Outbound: outbound access lists apply to traffic as it exits an interface.

Outbound ACL Example

Normally we use ACLs to allow selected services and users by filtering network traffic according to the topology; an ACL therefore provides an additional level of security over the firewall's default behaviour. We can also use ACLs for monitoring purposes, as well as for route selection, network address translation, and controlling host access.
Implementation Examples:

To implement an outbound access list (permitting TCP to the specific port 8000):

hostname(config)# access-list 102 extended permit tcp host 10.1.10.4 host 172.19.99.225 eq 8000

To permit a local network (note that the ASA takes a subnet mask such as 255.255.255.0, not an IOS-style wildcard mask):

hostname(config)# access-list acl_permit extended permit ip 172.16.99.0 255.255.255.0 any

To permit or deny all traffic:

hostname(config)# access-list <name> extended {permit | deny} ip any any
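To see how an ASA walks such a list, here is an added Python example (not Cisco tooling and not code from this post) that parses access-list entries written in the syntax above and evaluates a flow against them first-match-wins, falling back to the implicit deny at the end of every ACL. The ACL name outside_in and the sample flows are constructed for the example.

```python
import ipaddress

# Constructed ACL in the ASA syntax shown above (example data, not from the post).
# There is deliberately no final "deny ip any any": the implicit deny handles it.
ASA_ACL = """
access-list outside_in extended permit tcp host 10.1.10.4 host 172.19.99.225 eq 8000
access-list outside_in extended permit ip 172.16.99.0 255.255.255.0 any
"""

def _addr(tokens):
    """Consume one ASA address spec: 'any' | 'host A' | 'NET MASK'. Returns (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ASA uses a subnet mask (255.255.255.0), not an IOS wildcard mask (0.0.0.255)
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acl(text):
    """Parse extended access-list lines into ordered ACEs: (action, proto, src, dst, dport)."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] != "extended":
            continue  # ignore anything that is not an extended ACE
        action, proto, rest = t[3], t[4], t[5:]
        src, rest = _addr(rest)
        dst, rest = _addr(rest)
        dport = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
        aces.append((action, proto, src, dst, dport))
    return aces

def evaluate(aces, proto, src_ip, dst_ip, dport=None):
    """First matching ACE wins; an ACE with protocol 'ip' matches any protocol."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, p, src, dst, port in aces:
        if p not in ("ip", proto):
            continue
        if s in src and d in dst and (port is None or port == dport):
            return action
    return "deny"  # implicit deny: nothing matched

if __name__ == "__main__":
    acl = parse_acl(ASA_ACL)
    print(evaluate(acl, "tcp", "10.1.10.4", "172.19.99.225", 8000))  # permit
    print(evaluate(acl, "tcp", "10.1.10.4", "172.19.99.225", 8001))  # deny (implicit)
```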

Using ASA GUI Mode Via ASDM:

ASA GUI Mode Via ASDM

Unix was the first system to provide file-based ACLs, through the chmod command. With the growing variety of network deployment scenarios, IT infrastructure now follows a "defense in depth" strategy, and ACLs provide an additional layer of network security.

While creating or implementing an access list, the implementer must keep the possible outcomes in view; monitoring CPU and memory usage of the router or firewall before and after applying the access list is a must. The "show access-list" command is a great help with all of this.

TECHEXE.


Latest Posts By ahson
