
ASA 5510 ACL issue

fuenteslg
Level 1

Hi guys,

I'm a newbie in FW matters. I need to apply some filters between our corporate network and our industrial networks (FTP traffic and some special ports for telnet matters). For that I'm using an ASA 5510, building an EtherChannel with 3 of its Fa interfaces. Over the main port-channel I set the corporate network access with a higher security level, and then I created a few sub-interfaces, each with a different VLAN and a lower security level.

Then I used some NAT configuration in order to go from the industrial network to some specific FTP server in the corporate network.

When I try to use an ACL just to permit the FTP traffic inbound on the corporate interface, all traffic is dropped by the global implicit rule that denies any-to-any traffic.

What can I do to enable the FTP traffic?

Regards,

G.Fuentes

Sent from Cisco Technical Support iPhone App

15 Replies

Jouni Forss
VIP Alumni

Hi,

It would be easier to go through this seeing the configurations.

You say that you have configured an EtherChannel between the ASA and some other device. This means that you are at least using software level 8.4(1).

This in turn means that you don't need any NAT configuration between your local interfaces UNLESS you specifically want to NAT some IP addresses or networks to something else.

With the ACLs it's important to remember that when your software level is equal to or above 8.3(1), you always use the host's real IP address in the ACL rules, even if you have configured NAT for it.

- Jouni
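The points in the reply above (no NAT needed between local interfaces on 8.3+, and ACLs written against the real address) as an added ASA configuration example. This is not from the thread or from Cisco; the interface names, VLAN number, addresses, object names and the extra telnet-style port 2001 are all assumptions for illustration.

```cisco
! Added example, not the poster's configuration. ASA 8.4(1)+ syntax;
! pre-8.3 NAT syntax (nat/global/static) is different and is not shown.

interface Port-channel1
 nameif corporate
 security-level 100
 ip address 10.1.0.1 255.255.255.0

interface Port-channel1.10
 vlan 10
 nameif industrial-a
 security-level 50
 ip address 10.10.0.1 255.255.255.0

! Objects hold the REAL (untranslated) addresses. On 8.3+ the ACL is
! evaluated against the real address even when a NAT rule exists for it.
object network CORP-FTP
 host 10.1.0.20
object network INDUSTRIAL-A
 subnet 10.10.0.0 255.255.255.0

! Traffic from the lower security level (50) to the higher one (100) is
! denied unless an ACL permits it. Only the two needed ports are opened;
! everything else hits the implicit deny at the end of the list.
access-list INDUSTRIAL-A-IN remark FTP control channel to the corporate FTP server
access-list INDUSTRIAL-A-IN extended permit tcp object INDUSTRIAL-A object CORP-FTP eq ftp
access-list INDUSTRIAL-A-IN remark assumed telnet-style application port
access-list INDUSTRIAL-A-IN extended permit tcp object INDUSTRIAL-A object CORP-FTP eq 2001

! Bind the ACL where the packets ENTER the ASA: inbound on the industrial
! sub-interface. An ACL applied "in" on the corporate interface only
! governs traffic arriving from the corporate side, not these sessions.
access-group INDUSTRIAL-A-IN in interface industrial-a

! No NAT is required between local interfaces on 8.3+. Only add a rule
! such as the following if the corporate side cannot route 10.10.0.0/24
! back; the ACL above still references the real addresses either way.
nat (industrial-a,corporate) source dynamic INDUSTRIAL-A interface

! FTP inspection (on by default in the global policy) opens the data
! channel for active/passive transfers so only port 21 needs permitting.
policy-map global_policy
 class inspection_default
  inspect ftp
```

To check the rule set before trusting it, trace a synthetic FTP connection through the box with `packet-tracer input industrial-a tcp 10.10.0.50 1025 10.1.0.20 21`; the output shows which ACL and NAT phases match and, if a phase drops the packet, which one. `show access-list INDUSTRIAL-A-IN` then shows hit counts per ACE once real traffic flows.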