ACL not working in ASA 8.4

An ACL has been applied on the inside interface of the ASA 8.4, but it is not working. The aim of this list is to allow only a few hosts outside access and deny the rest of the hosts outside access. The syntax of the access list is:

access-list ACL-Inside extended permit ip host 192.168.100.101 any
access-list ACL-Inside extended permit ip host 192.168.100.108 any
access-list ACL-Inside extended permit ip host 192.168.100.109 any
access-list ACL-Inside extended permit ip host 192.168.100.243 any
access-list ACL-Inside extended permit ip host 192.168.100.241 any
access-group ACL-Inside in interface inside

2 REPLIES

Hello,

Can you run a packet tracer?

packet-tracer input inside tcp 192.168.100.241 1025 4.2.2.2 80

Send us the output.

Mike


Did you configure the NAT statement for the inside hosts to be mapped to a public IP? The config below will NAT 192.168.100.0 - 100.254 to the outside interface, and the access list you defined only allows those hosts to go out.

object network Inside_Net
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside) dynamic interface

If you already did the above config, please send us the packet capture as Mike requested.

Siddhartha