ASA rule check

CCOCNSC21
Level 1

Hi All,

 

Before applying any new firewall rule (source, destination, port), is there any way, I mean a show command in ASA, to check whether the rule is already permitted or denied by an ACL?

 

Regards,

Muhammed

Accepted Solutions

Francesco Molino
VIP Alumni
Hi

There's no tool for that; however, you can use the packet-tracer embedded in the ASA to test traffic. If the traffic is allowed you'll see a success result; if it's not allowed you'll get a fail status. This way you'll be able to see whether your ACL needs to be created or not.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


4 Replies

Another way is to use show access-l x.x.x.x

Put an IP from the source or destination object and you will see what rule is matching

Hi,



The "Sh access-list XXXXX" syntax didn't work. The best way, I believe, is doing it via the packet tracer syntax.


Cisco IOS access-list verification tool
https://aclcheck.ru
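
An offline pre-check for the question asked in this thread, as an added example that is not part of any poster's reply and not Cisco code: it evaluates a proposed flow against an exported ACL in first-match order and reports the line that decides it. The ACL name, addresses and rules are constructed; it assumes only `any`/`host`/network-mask addresses and numeric `eq` destination ports, and it does not model object-groups, NAT or interface bindings, so packet-tracer on the device stays the authoritative check.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); names and addresses are made up.
SAMPLE_ACL = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny tcp 198.51.100.0 255.255.255.0 any
access-list OUTSIDE_IN extended permit tcp any 192.0.2.0 255.255.255.0 eq 22
access-list OUTSIDE_IN extended permit udp any host 192.0.2.53 eq 53
"""

ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) (tcp|udp|ip) (.+)$")

def _take_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D MASK' and return an ip_network."""
    first = tokens.pop(0)
    if first in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")  # ASA ACEs use netmasks

def parse_acl(text, name):
    """Return the ACEs of ACL `name` in configured order (simplified grammar)."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m or m.group(1) != name:
            continue
        tokens = m.group(4).split()
        src, dst = _take_addr(tokens), _take_addr(tokens)
        # Assumption: only numeric 'eq PORT' is handled; no port clause means any port.
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        aces.append((m.group(2), m.group(3), src, dst, port, line.strip()))
    return aces

def check_flow(aces, proto, src_ip, dst_ip, dst_port):
    """First matching ACE wins; no match means the implicit deny applies."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, ace_proto, s_net, d_net, port, line in aces:
        if ace_proto not in ("ip", proto):
            continue
        if src in s_net and dst in d_net and port in (None, dst_port):
            return action, line
    return "deny", "(implicit deny at end of ACL)"

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL, "OUTSIDE_IN")
    print(check_flow(acl, "tcp", "203.0.113.5", "192.0.2.10", 443))
    print(check_flow(acl, "tcp", "198.51.100.7", "192.0.2.20", 22))
```

The second call shows why order matters: the SSH permit on the third line never applies to 198.51.100.0/24 because the earlier deny matches first.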