Solved: ASA ACL Issues

michaelkimiti · ‎03-09-2015

Hey guys, have an asa question here. Was configuring an asa 5505 to limit users to only access only company resources and skype. I got skype working but the defined sites in the acl's aren't accessible. What am I doing wrong. Config file is attached

Vibhor Amrodia · ‎03-09-2015

Hi,

I think if the websites that you are trying to allow are using this same IP address , then the ACL rule is created correctly.

I think most probably , the Websites are either using multiple IP addresses being resolved to the domain or is being redirected to a different IP.

I think what you can do is enable the ASDM debug logging and filter the logs when you try to access the Website and see which ip address is getting denied.

Thanks and Regards,

Vibhor Amrodia

View solution in original post

Vibhor Amrodia · ‎03-09-2015

Hi,

I think if the websites that you are trying to allow are using this same IP address , then the ACL rule is created correctly.

I think most probably , the Websites are either using multiple IP addresses being resolved to the domain or is being redirected to a different IP.

I think what you can do is enable the ASDM debug logging and filter the logs when you try to access the Website and see which ip address is getting denied.

Thanks and Regards,

Vibhor Amrodia

michaelkimiti · ‎03-10-2015

Thanks, after checking the logs I realized that I hadn't permitted dns servers on the ACL's.

I'm such a noob, lol