05-08-2012 06:38 AM - edited 03-11-2019 04:03 PM
An ACL has been applied on the inside interface to of the ASA 8.4 but it is not working. The aim of this list to allow only a few host for outside access and deny rest of the hosts for outside access. The syntex of the access list is
access-list ACL-Inside extended permit ip host 192.168.100.101 any
access-list ACL-Inside extended permit ip host 192.168.100.108 any
access-list ACL-Inside extended permit ip host 192.168.100.109 any
access-list ACL-Inside extended permit ip host 192.168.100.243 any
access-list ACL-Inside extended permit ip host 192.168.100.241 any
access-group ACL-Inside in interface inside
05-08-2012 09:09 AM
Hello,
Can you run a packet tracer?
packet-tracer inpunt inside tcp 192.168.100.241 1025 4.2.2.2 80
Send us the output.
Mike
05-08-2012 09:43 AM
Did you configure the NAT statement for the inside hosts to be mapped to a public IP? The below config will NAT 192.168.100.0 -100.254 to outside interface and the access-list you defined only allow those hosts to go out.
object network Inside_Net
subnet 192.168.100.0 255.255.255.0
nat (inside, outside) dynamic interface
If you alread did the above config please send us the packet capture as Mike requested.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide