ACL not showing in ASDM 7.1 (ASA 9.0)

Anuar Shahrin
Level 1

Hi all,

I've configured a couple of ACL rules via CLI in my ASA.

When I checked in the ASDM, it only shows the basic rules that were configured by default and does not show the rules that I've created.

Anyone else facing the same problem?

Thank you


Jouni Forss
VIP Alumni

Hi,

Can you please provide the exact configurations that you input on the CLI?

Initially I thought you might have configured ACLs and had not attached them to any interface.

Or maybe when you created new rules you actually made them with a different ACL name, so they aren't in any use at the moment.

- Jouni

On my access-group, only 2 ACL rules are attached to an interface:

CBJ# sh run acc

CBJ# sh run access-gr

access-group Outside_access_in in interface outside

access-group DMZ_access_in in interface DMZ

CBJ#

Is that the reason? Only the rules that are attached to an interface will be shown in ASDM?

Hi,

The above output that you mentioned

access-group Outside_access_in in interface outside

access-group DMZ_access_in in interface DMZ

means that

  • You have an ACL named "Outside_access_in" that is attached to the interface "outside"
    • This ACL controls connections coming towards ("in") the interface. In other words from the networks behind that interface
  • You have an ACL named "DMZ_access_in" that is attached to the interface "DMZ"
    • This ACL controls connections coming towards ("in") the interface. In other words from the networks behind that interface

So the above named ACLs should show in the ASDM in the Configuration -> Firewall -> Access Rules section, since that section describes the interface Access Rules.

So all the rules that you have added to those ACLs should show here.

If you simply created some new ACL (with another ACL name) and didn't attach it to any interface on the ASA, then it will NOT show in this window.

- Jouni

Thanks Jouni,

So if the ACL rules are created for another purpose such as VPN, they will not be shown in the ASDM Access Rules section?

Thank you

Hi,

Yes, the Access Rules section only shows the ACLs already attached to an interface. Some other sections of the ASDM, like the mentioned VPN, let you create a new ACL and use it in the related configurations, or you can choose an existing ACL on the ASA that was created previously.

Please mark the question as answered, if it was.

Ask more if needed

- Jouni

Thanks Jouni, now I understand how it works.

Can you tell us how you solved this issue, please?