- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2018 04:13 PM - edited 02-21-2020 10:43 AM
Hi All,
Before applying any new firewall rule (source, destination, port) is there any way , i mean a show command in ASA to check whether rule is already permitted or denied by ACL ?
Regards,
Muhammed
Solved! Go to Solution.
- Labels:
-
Other NAC
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2018 05:45 PM
There's no tool for that, however you can use packet-tracer embedded in asa to test a traffic and if this traffic is allowed you'll see a success result if not allowed you'll get a fail status. This way you'll be able to see if your acl needs to be created or not.
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2018 05:45 PM
There's no tool for that, however you can use packet-tracer embedded in asa to test a traffic and if this traffic is allowed you'll see a success result if not allowed you'll get a fail status. This way you'll be able to see if your acl needs to be created or not.
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2018 12:26 AM
Put an IP from the source or destination object and you will see what rule
is matching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2018 04:06 PM
"Sh access-list XXXXX" syntax didn't work. Best way I believe doing via the packet tracer syntax.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2020 09:24 AM
https://aclcheck.ru
