Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
342
Views
0
Helpful
2
Replies

ACL

kakkouche
Level 1
Level 1

‎09-22-2014 08:47 AM - edited ‎03-11-2019 09:48 PM

I want to write an acl that allows HTTP traffic to a single network 172.20.1.0

 

Thanks

Labels:
0 Helpful
2 Replies 2

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎10-04-2014 11:09 PM

Hi,

Writing ac ACL would require these details:-

1) The traffic is moving from higher to Lower or Lower to Higher Security Interfaces ?

2) Access Group direction where the traffic needs to be blocked ?

Once , you have this you can use this syntax:-

access-list <name> permit <protocol> <Source Address/Subnet> <mask> <Destination Address/Subnet> <mask>

Refer:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_overview.html

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Marius Gunnerud
VIP
VIP

‎10-06-2014 12:39 AM

If you are allowing access from the internet then the ACL would look like the following:

access-list ACLNAME permit tcp any host 172.20.1.0 eq http

access-group ACLNAME in interface <interface name>

Keep in mind that if you are allowing traffic in from the internet to a web server, you will also need to set up a NAT statement for this traffic as well.

--

Please remember to select a correct answer and rate helpful posts
 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card