I am applying directional ACLs on a VLAN software interface. The ACL is basically to protect that subnet from the rest of the greater network, only allowing necessary traffic in/out. My core 6500 where the ACL resides is behind an ASA5515 restricting inside access to the internet via another ACL. The subnet I am creating the new ACL on has access to a host of specific internet addresses via the ASA inside ACL already; this is where my confusion starts.
Do I have to specify all the access already in the ASA ACL in my interface ACL, or is there an easier way? I have given the new ACL full IP access to the ASA thinking that would be sufficient, but it does not appear to be.
Hopefully that's clear; I appreciate any help or direction.