09-09-2019 05:27 PM
Hello All,
I have 3 interfaces: outside, inside0, inside1. both inside interfaces routes to outside correctly. I have user A in inside0 and DVR in inside1. I need to allow user A to access DVR in inside1 port 80
inside0 = security-level 80
inside1 = security-level 100
ASA 5506x
Cisco Adaptive Security Appliance Software Version 9.8(2)
Can anyone help?
Solved! Go to Solution.
09-09-2019 08:36 PM
You applied the ACL to the wrong interface:
@mbowden7 wrote:
@balaji.bandi That didn't work for me! Any other ideas
access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7
access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b
access-group INBOUND_DVR in interface outside_COMCAST
It should be applied to inside0 per your initial posting and @balaji.bandi 's recommendation.
09-09-2019 05:57 PM
You can create ACL below example : ( replace the relevant information as per your environment)
access-list DVR_ALLOW permit ip USER_A_IP 255.255.255.0 DVR_IP 255.255.255.0 eq 80
access-group DVR_ALLOW in interface inside1
09-09-2019 06:02 PM
If they are individual user/device addresses then the subnet mask should be /32 (255.255.255.255).
09-09-2019 06:39 PM
@balaji.bandi That didn't work for me! Any other ideas
access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7
access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b
access-group INBOUND_DVR in interface outside_COMCAST
09-09-2019 08:36 PM
You applied the ACL to the wrong interface:
@mbowden7 wrote:
@balaji.bandi That didn't work for me! Any other ideas
access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7
access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b
access-group INBOUND_DVR in interface outside_COMCAST
It should be applied to inside0 per your initial posting and @balaji.bandi 's recommendation.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: