Posts Tagged ‘RFC1918’

Cisco ASA Implicit Rule “Permit all traffic to less secure networks” ACL

October 27th, 2015 No comments

When adding a new network interface to a Cisco ASA, you must specify it's security level. Based on this security level, the default Cisco ASA ACL allows you to access "less secure" networks (with a lower security level), and denies access to "more secure" networks (with a higher security level). The default rule works well, until you need to allow this security zone access to a "more secure" security zone. For example, a DMZ could have a security level of say 25, allowing access to an outside interface with a security level of 0, but it would be implicitly denied access to an inside interface with a security level of 100. When we need to add an ACL to permit certain access to the inside interface, the implicit "Permit all traffic to less secure networks" rule is automatically removed by the Cisco ASA. We can manually add a form of this ACL back in to retain security between zones.


Categories: Networking Tags: , , , ,