09-22-2015 01:03 PM - last edited on 03-25-2019 05:57 PM by ciscomoderator
Hi Cisco Community -
So I'm getting better at ASAs, but still have some items to work through. I have a customer who has requested an ACL policy to allow a few servers with different sub-interfaces to communicate with each other over specified ports. I was hoping for some assistance with the ACL creation.
!
interface GigabitEthernet0/2.107
 vlan 107
 nameif host_1
 security-level 25
 ip address 192.168.107.1 255.255.255.0
!
interface GigabitEthernet0/2.108
 vlan 108
 nameif host_2
 security-level 25
 ip address 192.168.108.1 255.255.255.0
!
I have a Windows host sitting on vlan 108 that needs to speak to a device sitting on vlan 107 over the following ports -
www
443
25
161
Here is what I've done config-wise so far. My question is: is there anything missing, and do I need to specify an outgoing interface?
09-27-2015 12:15 PM
Hi,
Once you have your access-list configured, you just need to apply it on the desired interface.
Use the "access-group" command to apply the ACL on the ingress interface in the inward direction.
Hope it helps!!!
R.Seth
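An added example, not part of the original thread or the poster's configuration: one way the ACL and its inbound binding on the ingress interface could look for the interfaces shown in the question. The host addresses 192.168.108.10 and 192.168.107.10 and the ACL name host_2_in are placeholders, and treating port 161 as UDP (SNMP) is an assumption, since the thread gives neither the addresses nor the protocols.

```cisco
! Both sub-interfaces are at security-level 25. The ASA drops traffic between
! interfaces at the same security level unless this is enabled; an ACL alone
! does not override that.
same-security-traffic permit inter-interface
!
! Placeholder addresses: 192.168.108.10 = Windows host on vlan 108 (host_2),
!                        192.168.107.10 = device on vlan 107 (host_1)
access-list host_2_in remark Windows host on vlan 108 to device on vlan 107
access-list host_2_in extended permit tcp host 192.168.108.10 host 192.168.107.10 eq www
access-list host_2_in extended permit tcp host 192.168.108.10 host 192.168.107.10 eq https
access-list host_2_in extended permit tcp host 192.168.108.10 host 192.168.107.10 eq smtp
! Assumption: 161 is SNMP over UDP
access-list host_2_in extended permit udp host 192.168.108.10 host 192.168.107.10 eq snmp
!
! Bind the ACL where the traffic enters the ASA (host_2), inbound.
! Every ACL ends with an implicit deny, so any other traffic arriving on
! host_2 is dropped once this is applied.
access-group host_2_in in interface host_2
!
! Replies from the vlan 107 device are allowed by the ASA's connection state,
! so no matching entry is needed on host_1 for return traffic.
!
! To check from exec mode (not configuration commands):
!   show access-list host_2_in
!   packet-tracer input host_2 tcp 192.168.108.10 1025 192.168.107.10 443
```

Hit counts in `show access-list` confirm which entries are matching, and `packet-tracer` shows whether a simulated flow is dropped by the ACL or by the same-security-level check.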
09-28-2015 09:28 AM
Thank you Risseth - I had it originally applied as out vs in... Changed the direction as most should be "in" when I place myself as the ASA. This resolved my issue and associated it with the correct interface.
Thanks!
09-28-2015 10:58 AM
Great!!!