Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
757
Views
0
Helpful
8
Replies

Extended Access List

Mohammed Yusuf
Level 1
Level 1

‎03-22-2015 01:42 PM - edited ‎03-11-2019 10:40 PM

Hi,

 

I am testing a cloud access point and I think Asa5505 is blocking external 8443 to access the cloud portal.

 

i tried to create an access point to allow the access point from internal to external but i seem to be struggling to get it working, not sure where to check. I created the access list something like this.

access-list acl-outside extended permit tcp host 172.16.10.8 eq 8443 any

not sure where I am going wrong?

Appreciate your help.

 

thanks,

Labels:
0 Helpful
8 Replies 8

Jon Marshall
Hall of Fame
Hall of Fame

‎03-22-2015 01:44 PM

Need a bit more information than that.

What is trying to access what ie. source and destination IPs and port numbers.

Plus please post configuration of your ASA.

Jon

0 Helpful

Mohammed Yusuf
Level 1
Level 1
In response to Jon Marshall

‎03-23-2015 12:46 AM

Hey Jon,

The source port could be anything. I am trying to reach to 

https://003.unificloud.co.uk:8443/ 

and I only want to allow only 2 or 3 Access point,

0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Mohammed Yusuf

‎03-24-2015 04:06 AM

Hi,

If I understand it correctly , I think we are trying to allow the Outbound traffic to the Access point through the ASA device.

I think this ACL is applied on the inside interface:-

access-list acl-outside extended permit tcp host 172.16.10.8 eq 8443 any

In that case , I see that ACE is incorrect:-

access-list acl-outside extended permit tcp host 172.16.10.8 any eq 8443

Allow the Source IP which you want as per the requirement.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Mohammed Yusuf
Level 1
Level 1
In response to Vibhor Amrodia

‎03-24-2015 05:59 AM

Hi,

 

I tried your suggestion 

access-list acl-outside extended permit tcp host 172.16.10.8 any eq 8443

It does not seem to work. where can I see or troubleshoot?

 

Thanks,

0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Mohammed Yusuf

‎03-24-2015 06:14 AM

Hi ,

I think the easiest way would be test the policies using the packet tracer command on the AS device.

Refer:-

https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Mohammed Yusuf
Level 1
Level 1
In response to Vibhor Amrodia

‎03-30-2015 12:04 PM

I got this error on the packet tracer.

Preview file
50 KB
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Mohammed Yusuf

‎03-30-2015 12:16 PM

Is Vibhor correct ie. you are trying to allow traffic from the inside of your ASA to the outside.

Can you confirm that is what you are trying to do ?

If so can you run this at the CLI and post results together with your ASA configuration -

"packet-tracer input inside tcp 172.16.10.8 12345 <public IP> 8443"

where the public IP is the one you are trying to connect to.

Jon

0 Helpful

Mohammed Yusuf
Level 1
Level 1
In response to Jon Marshall

‎04-02-2015 04:49 AM

Hi Jon,


I am only trying to access this site

https://003.unificloud.co.uk:8443 

I can ping it but unable to access on port 8443.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card