https://community.cisco.com/t5/network-security/acl/m-p/1648337#M559320 <P>Guys</P><P></P><P>I m Applying access list in the inside interface of my ASA 5510,so Please check the below if its correct or not,</P><P></P><P>access-list in_out extended permit tcp 15.5.0.0 255.255.0.0 any eq 80</P><P>access-list in_out extended permit&nbsp; tcp 15.5.0.0 255.255.0.0 any eq 443</P><P>access-list in_out extended permit&nbsp; tcp 15.5.0.0 255.255.0.0 any eq 25</P><P>access-list in_out extended permit&nbsp; tcp 15.5.0.0 255.255.0.0 any eq 23</P><P>access-list in_out extended permit&nbsp; tcp&nbsp; 15.5.0.0 255.255.0.0 any eq ftp</P><P></P><P></P><P></P><P></P><P>Option 2</P><P></P><P>access-list in_out extended permit&nbsp; ip 15.5.0.0 255.255.0.0 any</P><P></P><P></P><P></P><P></P><P>access-group in_out in interface inside</P> Mon, 11 Mar 2019 20:10:55 GMT Ibrahim Jamil 2019-03-11T20:10:55Z https://community.cisco.com/t5/network-security/acl/m-p/1648337#M559320 <P>Guys</P><P></P><P>I m Applying access list in the inside interface of my ASA 5510,so Please check the below if its correct or not,</P><P></P><P>access-list in_out extended permit tcp 15.5.0.0 255.255.0.0 any eq 80</P><P>access-list in_out extended permit&nbsp; tcp 15.5.0.0 255.255.0.0 any eq 443</P><P>access-list in_out extended permit&nbsp; tcp 15.5.0.0 255.255.0.0 any eq 25</P><P>access-list in_out extended permit&nbsp; tcp 15.5.0.0 255.255.0.0 any eq 23</P><P>access-list in_out extended permit&nbsp; tcp&nbsp; 15.5.0.0 255.255.0.0 any eq ftp</P><P></P><P></P><P></P><P></P><P>Option 2</P><P></P><P>access-list in_out extended permit&nbsp; ip 15.5.0.0 255.255.0.0 any</P><P></P><P></P><P></P><P></P><P>access-group in_out in interface inside</P> Mon, 11 Mar 2019 20:10:55 GMT https://community.cisco.com/t5/network-security/acl/m-p/1648337#M559320 Ibrahim Jamil 2019-03-11T20:10:55Z https://community.cisco.com/t5/network-security/acl/m-p/1648338#M559324 <HTML><HEAD></HEAD><BODY><P>Hello Ibrahim,</P><P></P><P>Both access-lists options stated are perfect as per the configuration is concerened and seem to allow only 15.15.0.0/16 subnets to have access to outside.</P><P></P><P>Option 1 will only allow inside users(15.15.0.0/8) to reach outside world on HTTP, HTTPS, SMTP, TELNET &amp; FTP, while option 2 will alllow compete TCP &amp; UDP access to users. Please reply back with your requirement to evaluate this further.</P><P></P><P>Hope this helps.</P><P></P><P></P><P>Regards,<BR />Chirag</P><P><SPAN style="font-size: 8pt;">P.S.: please mark this thread as resolved if you feel your query is resolved. Do rate helpful posts. Thanks.</SPAN></P></BODY></HTML> Tue, 22 Mar 2011 18:27:50 GMT https://community.cisco.com/t5/network-security/acl/m-p/1648338#M559324 csaxena 2011-03-22T18:27:50Z https://community.cisco.com/t5/network-security/acl/m-p/1648339#M559327 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P></P><P>what would you prefer?option 1 or option 2 form ur security point of view,i m looking for restricted access</P><P></P><P></P><P>how to make option 1 in one line config</P></BODY></HTML> Tue, 22 Mar 2011 18:52:27 GMT https://community.cisco.com/t5/network-security/acl/m-p/1648339#M559327 Ibrahim Jamil 2011-03-22T18:52:27Z https://community.cisco.com/t5/network-security/acl/m-p/1648340#M559333 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Option 1 is restricted to the ports mentioned in the ACL.</P><P></P><P>if you want to use option 1 in one line then option 2 is the way out.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Anisha</P><P></P><P>P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.</P></BODY></HTML> Wed, 23 Mar 2011 03:50:53 GMT https://community.cisco.com/t5/network-security/acl/m-p/1648340#M559333 andamani 2011-03-23T03:50:53Z https://community.cisco.com/t5/network-security/acl/m-p/1648341#M559338 <HTML><HEAD></HEAD><BODY><P>Thanks for adding this Anisha.</P><P></P><P>Ibrahim, I would suggest to use the following as one liner for option 1:</P><P><STRONG>access-list in_out extended permit tcp 15.5.0.0 255.255.0.0 any </STRONG></P><P></P><P>This will include all TCP ports and unlike IP, it will not include UDP ports.&nbsp; This will solve our purpose to to open TCP ports 80, 443, 25, 23, 20 &amp; 21.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Chirag</P><P></P><P>P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.</P></BODY></HTML> Wed, 23 Mar 2011 15:05:56 GMT https://community.cisco.com/t5/network-security/acl/m-p/1648341#M559338 csaxena 2011-03-23T15:05:56Z