This has a few good examples:http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_extended.html I might very well be wrong, but I believe the security levels are negated if an access list is applied to an interface.
Cheers,Josh > Date: Wed, 11 Feb 2015 20:43:37 +1100 > From: dale.shaw+cisco-...@gmail.com > To: madu...@gmail.com > CC: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] ASA > > Hi madunix, > > On Wed, Feb 11, 2015 at 7:26 PM, madu...@gmail.com <madu...@gmail.com> > wrote: > > > > I would like to block the following ports: 135,137,138,139,445,593,4444 > > tcp/udp on my Firewall > [...] > > Well, what you need to do, is figure out how to block those ports, perhaps > by modifying the 'in' access-list you've applied to your outside interface. > You might even need to Google That. > > That's assuming it's that direction (outside > inside) that you want to > block the traffic. > > Cheers, > Dale > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/