topic Hi,If I understand it in Network Security

Extended Access List

Mohammed Yusuf — Tue, 12 Mar 2019 05:40:55 GMT

Hi,

I am testing a cloud access point and I think Asa5505 is blocking external 8443 to access the cloud portal.

i tried to create an access point to allow the access point from internal to external but i seem to be struggling to get it working, not sure where to check. I created the access list something like this.

access-list acl-outside extended permit tcp host 172.16.10.8 eq 8443 any

not sure where I am going wrong?

Appreciate your help.

thanks,

Need a bit more information

Jon Marshall — Sun, 22 Mar 2015 20:44:12 GMT

Need a bit more information than that.

What is trying to access what ie. source and destination IPs and port numbers.

Plus please post configuration of your ASA.

Jon

Hey Jon,The source port could

Mohammed Yusuf — Mon, 23 Mar 2015 07:46:37 GMT

Hey Jon,

The source port could be anything. I am trying to reach to

https://003.unificloud.co.uk:8443/

and I only want to allow only 2 or 3 Access point,

Hi,If I understand it

Vibhor Amrodia — Tue, 24 Mar 2015 11:06:25 GMT

Hi,

If I understand it correctly , I think we are trying to allow the Outbound traffic to the Access point through the ASA device.

I think this ACL is applied on the inside interface:-

access-list acl-outside extended permit tcp host 172.16.10.8 eq 8443 any

In that case , I see that ACE is incorrect:-

access-list acl-outside extended permit tcp host 172.16.10.8 any eq 8443

Allow the Source IP which you want as per the requirement.

Thanks and Regards,

Vibhor Amrodia

Hi, I tried your suggestion

Mohammed Yusuf — Tue, 24 Mar 2015 12:59:06 GMT

Hi,

I tried your suggestion

access-list acl-outside extended permit tcp host 172.16.10.8 any eq 8443

It does not seem to work. where can I see or troubleshoot?

Thanks,

Hi ,I think the easiest way

Vibhor Amrodia — Tue, 24 Mar 2015 13:14:07 GMT

Hi ,

I think the easiest way would be test the policies using the packet tracer command on the AS device.

Refer:-

https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

Thanks and Regards,

Vibhor Amrodia

I got this error on the

Mohammed Yusuf — Mon, 30 Mar 2015 19:04:28 GMT

I got this error on the packet tracer.

Is Vibhor correct ie. you are

Jon Marshall — Mon, 30 Mar 2015 19:16:59 GMT

Is Vibhor correct ie. you are trying to allow traffic from the inside of your ASA to the outside.

Can you confirm that is what you are trying to do ?

If so can you run this at the CLI and post results together with your ASA configuration -

"packet-tracer input inside tcp 172.16.10.8 12345 <public IP> 8443"

where the public IP is the one you are trying to connect to.

Jon

Hi Jon,I am only trying to

Mohammed Yusuf — Thu, 02 Apr 2015 11:49:52 GMT

Hi Jon,

I am only trying to access this site

https://003.unificloud.co.uk:8443

I can ping it but unable to access on port 8443.