https://community.cisco.com/t5/network-security/acl/m-p/2521053#M206761 <P>Hi,</P><P>Writing ac ACL would require these details:-</P><P>1) The traffic is moving from higher to Lower or Lower to Higher Security Interfaces ?</P><P>2) Access Group direction where the traffic needs to be blocked ?</P><P>Once , you have this you can use this syntax:-</P><P>access-list &lt;name&gt; permit &lt;protocol&gt; &lt;Source Address/Subnet&gt; &lt;mask&gt; &lt;Destination Address/Subnet&gt; &lt;mask&gt;</P><P>Refer:-</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_overview.html</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Sun, 05 Oct 2014 06:09:00 GMT Vibhor Amrodia 2014-10-05T06:09:00Z https://community.cisco.com/t5/network-security/acl/m-p/2521052#M206760 <P><SPAN id="result_box" lang="en"><SPAN class="hps">I want to</SPAN> <SPAN class="hps">write</SPAN> <SPAN class="hps">an</SPAN> <SPAN class="hps">acl</SPAN> <SPAN class="hps">that</SPAN> <SPAN class="hps">allows HTTP</SPAN> <SPAN class="hps">traffic</SPAN> <SPAN class="hps">to a</SPAN> <SPAN class="hps">single</SPAN> <SPAN class="hps">network</SPAN> <SPAN class="hps">172.20.1.0</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN lang="en"><SPAN class="hps">Thanks</SPAN></SPAN></P> Tue, 12 Mar 2019 04:48:12 GMT https://community.cisco.com/t5/network-security/acl/m-p/2521052#M206760 kakkouche 2019-03-12T04:48:12Z https://community.cisco.com/t5/network-security/acl/m-p/2521053#M206761 <P>Hi,</P><P>Writing ac ACL would require these details:-</P><P>1) The traffic is moving from higher to Lower or Lower to Higher Security Interfaces ?</P><P>2) Access Group direction where the traffic needs to be blocked ?</P><P>Once , you have this you can use this syntax:-</P><P>access-list &lt;name&gt; permit &lt;protocol&gt; &lt;Source Address/Subnet&gt; &lt;mask&gt; &lt;Destination Address/Subnet&gt; &lt;mask&gt;</P><P>Refer:-</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_overview.html</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Sun, 05 Oct 2014 06:09:00 GMT https://community.cisco.com/t5/network-security/acl/m-p/2521053#M206761 Vibhor Amrodia 2014-10-05T06:09:00Z https://community.cisco.com/t5/network-security/acl/m-p/2521054#M206762 <P>If you are allowing access from the internet then the ACL would look like the following:</P><P>access-list ACLNAME permit tcp any host 172.20.1.0 eq http</P><P>access-group ACLNAME in interface &lt;interface name&gt;</P><P>Keep in mind that if you are allowing traffic in from the internet to a web server, you will also need to set up a NAT statement for this traffic as well.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts<BR />&nbsp;</P> Mon, 06 Oct 2014 07:39:43 GMT https://community.cisco.com/t5/network-security/acl/m-p/2521054#M206762 Marius Gunnerud 2014-10-06T07:39:43Z