Hello All, I need to allow traffic through my ASA for Expressway. Per the guide, they want a range of TCP and UDP ports open into my DMZ from inside and outside. I thought I wrote this out correctly, but when I check it via packet tracer it says that my packet is dropped by the "implicit" deny IP any any on my inside interface when testing inside to DMZ... This is what I did:
object-group service ExpresswayC_to_ExpresswayE tcp-udp
 port-object eq 7400
 port-object eq 2222
 port-object range 25000 29999
 port-object range 36000 59999
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list in-inside remark Allow ExpresswayC communication to ExpresswayE
access-list in-inside extended permit object-group TCPUDP host 192.168.20.20 host xxx.xxx.xxx.xxx object-group ExpresswayC_to_ExpresswayE log
Does this look correct? The above is just the ACL for inbound traffic on the inside interface.
Thanks,
Daniel