Posted by: Raj Perumal
Adaptive Security Appliance, ASDM, Cisco ASA, common Cisco ASA issues, implicit rules, inside access out, inside interface outgoing, outside access out, outside interface outgoing
Hi folks, as you know I’ve been doing a lot of work with the Cisco ASA firewall products lately and I wanted to address an issue I’ve seen a few administrators run into when setting up a new ASA.
Often when you setup an ASA you are not just setting up inside out external access but you might also want to set some incoming rules for some of your servers such as web servers or mail servers. The problem I see administrators run into is that after they setup these rules they still can’t get access to the servers from the outside world.
If you take a look at the rules closely, at first look it seems like everything was configured ok and everything should be working. What I’ve found in these situations is that someone specified an inside interface outgoing rule, or an outside interface outgoing rule. By doing that you’re implicity allowing that one rule and automatically denying all else. In order to fix this, create a specific rule for the device to allow it out or just remove all the outgoing rules altogether and then the Cisco ASA will allow it by default. Which way you chose will depend on how you want to secure your network of course. Hope this helps!