I had a situation where traffic needed to be blocked from one subinterface on the ASA to another. The security level was set up the same, with appropriate NAT and intra-security-level permissions. The thing was that the ACL needed to be placed signifying source port as opposed to destination port. When I applied the ACL to the subinterface I wanted to secure, nothing worked. I then checked ASDM and the output looked strange (no source ports were being listed).
I guess my question is: can you limit traffic by source ports on an ASA using extended access-lists applied inbound to a subinterface that will scrutinize traffic?
For instance,
My subif would be
int f0/0.5
ip address 150.100.10.1
nameif dmz
Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.
ASA Subinterface Access-List Application
Will this access-list allow TCP traffic from 150.100.10.42 on port 4200 to any TCP port on 10.33.1.47 and deny all others?
Yes, it should.
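To make the answer concrete, here is an added configuration example (not posted by either participant, and not the poster's actual access-list, which is not reproduced on this page) showing how an ASA extended ACE matches on a source port and how to verify it. The interface name FastEthernet0/0.5, VLAN 5, the /24 mask, the security level, and the ACL name DMZ_IN are assumptions; the addresses and port 4200 are the ones from the question.

```cisco
! Assumed subinterface (the thread shows only "int f0/0.5", no VLAN or mask)
interface FastEthernet0/0.5
 vlan 5
 nameif dmz
 security-level 50
 ip address 150.100.10.1 255.255.255.0
!
! On the ASA the port operator that follows the SOURCE address is a source-port
! match: "eq 4200" here applies to 150.100.10.42, not to 10.33.1.47.
! No operator follows the destination, so any destination TCP port matches.
access-list DMZ_IN extended permit tcp host 150.100.10.42 eq 4200 host 10.33.1.47
!
! Explicit deny with logging; the ASA would deny anyway via the implicit deny,
! but logging the drops makes troubleshooting the "nothing worked" case easier.
access-list DMZ_IN extended deny ip any any log
!
! Bind the ACL inbound on the subinterface (traffic arriving from dmz hosts)
access-group DMZ_IN in interface dmz
!
! Verification from the CLI, where the source port is shown even though the
! ASDM rule table has no source-port column:
!   show access-list DMZ_IN
!     (hitcnt increments on the permit ACE as matching traffic flows)
!   packet-tracer input dmz tcp 150.100.10.42 4200 10.33.1.47 80
!     (expected: ACCESS-LIST phase ALLOW, final result allow)
!   packet-tracer input dmz tcp 150.100.10.42 4201 10.33.1.47 80
!     (expected: ACCESS-LIST phase DROP, since the source port differs)
```

One caveat worth keeping in mind when filtering on source ports: a TCP client normally picks an ephemeral source port per connection, so a source-port ACE only does what you intend when the sending application binds a fixed local port. If the traffic you are seeing arrives with varying source ports, the ACE will not match and the implicit deny will silently drop it; the two packet-tracer runs above show both outcomes.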
As a follow-up, does ASDM not like to display source ports when viewing the ACL in the ASDM utility?
Regards
Where exactly in the ASDM are you referring to? There doesn't seem to be a column for source port on the config -> security policy page, only destination port.
That's exactly where I was looking, just thought it was strange. Thank you for your responses and their prompt nature.