[c-nsp] ASA

David White, Jr. (dwhitejr) dwhitejr at cisco.com
Wed Feb 11 08:57:15 EST 2015


On 2/11/2015 7:29 AM, Joshua Riesenweber wrote:
> This has a few good examples:http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_extended.html
> I might very well be wrong, but I believe the security levels are negated if an access list is applied to an interface.
That is incorrect.  Security levels are not negated or affected by
applying an ACL (or not) to an interface.

Sincerely,

David.

>
> Cheers,Josh 
>> Date: Wed, 11 Feb 2015 20:43:37 +1100
>> From: dale.shaw+cisco-nsp at gmail.com
>> To: madunix at gmail.com
>> CC: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] ASA
>>
>> Hi madunix,
>>
>> On Wed, Feb 11, 2015 at 7:26 PM, madunix at gmail.com <madunix at gmail.com>
>> wrote:
>>> I would like to block the following ports: 135,137,138,139,445,593,4444
>>>  tcp/udp on my Firewall
>> [...]
>>
>> Well, what you need to do, is figure out how to block those ports, perhaps
>> by modifying the 'in' access-list you've applied to your outside interface.
>> You might even need to Google That.
>>
>> That's assuming it's that direction (outside > inside) that you want to
>> block the traffic.
>>
>> Cheers,
>> Dale
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>  		 	   		  
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list