07-22-2009 07:09 AM - edited 03-11-2019 08:57 AM
I have configured the following ACL, but when I check on the ASDM it is showing as deny. I have checked the config and can't see any issue with it.
Can someone help, here is the config:
name 163.1.158.138 misibm02b
object-group network oucs_training_room
 network-object host 192.76.26.39
 network-object host 192.76.26.40
 network-object host 192.76.26.41
object-group service oracle-ports-02b tcp
 port-object eq 8030
 port-object eq 9030
 port-object eq 8033
 port-object eq 9033
 port-object eq 1551
 port-object eq 1554
 port-object eq 8026
 port-object eq 9026
 port-object eq 1546
 port-object eq 1610
access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b
Error on ASDM:
4|Jul 22 2009|11:28:14|106023|192.76.26.41|1134|misibm02b|8030|Deny tcp src outside:192.76.26.41/1134 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
4|Jul 22 2009|11:27:41|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
07-22-2009 07:46 AM
Output of 'show access-list acl_out' and 'show run access-group' please.
Or try this:
no access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b
access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b
07-23-2009 01:50 AM
Thanks, that worked.
But why would the ASDM not get the command in the right order?
07-22-2009 07:47 AM
Try clearing the ASDM cache, then refresh with the running config.
HTH
07-22-2009 08:21 AM
The reason it is failing is you have the "oracle-ports-02b" in the source part of the ACL, it should only be in the destination part, i.e.
access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b
Give that a whirl and see how you get on.
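Added example, not part of any post in this thread: a simplified Python model of how the operands of an extended ACE are read positionally (source, optional source port, destination, optional destination port), checked against one of the 106023 messages quoted above. The parser handles only the `host X` and `object-group X` forms and is an assumption for illustration, not ASA's own matching code.

```python
import re

# Object-groups and ACEs copied from the thread; the parser is a simplified
# model (only 'host X' / 'object-group X' operands), not ASA's own logic.
HOSTS = {"oucs_training_room": {"192.76.26.39", "192.76.26.40", "192.76.26.41"}}
PORTS = {"oracle-ports-02b": {8030, 9030, 8033, 9033, 1551, 1554, 8026, 9026, 1546, 1610}}
ORIGINAL = ("access-list acl_out extended permit tcp object-group oucs_training_room "
            "object-group oracle-ports-02b host misibm02b")
CORRECTED = ("access-list acl_out extended permit tcp object-group oucs_training_room "
             "host misibm02b object-group oracle-ports-02b")
LOG = ('4|Jul 22 2009|11:28:14|106023|192.76.26.41|1134|misibm02b|8030|Deny tcp src '
       'outside:192.76.26.41/1134 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]')

def parse_ace(line):
    """Read the ACE positionally: src [src-port] dst [dst-port]."""
    tok = line.split()
    tok = tok[tok.index("tcp") + 1:]
    ace = {}
    for side in ("src", "dst"):
        kind, name = tok[0], tok[1]
        ace[side] = HOSTS[name] if kind == "object-group" else {name}
        tok = tok[2:]
        # A service object-group right after an address binds to that side's port.
        if len(tok) >= 2 and tok[0] == "object-group" and tok[1] in PORTS:
            ace[side + "_port"] = PORTS[tok[1]]
            tok = tok[2:]
        else:
            ace[side + "_port"] = None  # no port operand: any port
    return ace

def parse_106023(line):
    """Extract (src, sport, dst, dport) from a 106023 deny message."""
    m = re.search(r"src [^:\s]+:([^/\s]+)/(\d+) dst [^:\s]+:([^/\s]+)/(\d+)", line)
    return m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def permits(ace, pkt):
    """True when the packet matches every positional field of the permit ACE."""
    src, sport, dst, dport = pkt
    return (src in ace["src"] and dst in ace["dst"]
            and (ace["src_port"] is None or sport in ace["src_port"])
            and (ace["dst_port"] is None or dport in ace["dst_port"]))

if __name__ == "__main__":
    pkt = parse_106023(LOG)
    for label, line in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, "permits" if permits(parse_ace(line), pkt) else "no match -> deny")
```

In this model the original line constrains the ephemeral source port (1134 in the log) and leaves the destination port unrestricted, so the logged packet falls through to the deny.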
07-23-2009 01:50 AM
But why would the ASDM not get the command in the right order?