
FWSM ACL not working

craig bache
Level 1

Hi All

I was wondering if you could help with an issue I am seeing on a FWSM running 3.1.16. A new ACL has been entered:

1) ACL rule is:

access-list access_in line 1 extended permit tcp any host x.x.x.x eq 6801 (hitcnt=0)

 

2) I do a capture to prove the packet is hitting the firewall and the correct interface:

FWSM/VFW(config)# show capture

capture cap type raw-data access-list 169 interface VRF [Capturing - 0 bytes]

FWSM/VFW(config)# show cap cap

1 packet seen, 1 packet captured

1: 17:31:36.1262257688 802.1Q vlan#3098 P0 y.y.y.y.3256 > x.x.x.x.6801: S 3510385702:3510385702(0) win 65535 <mss 1380,nop,nop,sackOK>

1 packet shown

 

3) However, the packet gets blocked in the firewall. I see no hits, and the ASDM log displays (DENY).

Regards Craig

3 Replies

Jouni Forss
VIP Alumni

Hi,

Is the ACL actually attached to the interface?

access-group access_in in interface VRF

- Jouni

Thanks for the response.

Yes, I have the access-list on the correct interface:

access-group access_in in interface VRF

Regards Craig

Hi,

Could you share the configuration of the source and destination interfaces?

- Jouni
