02-27-2013 12:36 PM - edited 03-11-2019 06:07 PM
Hi All
I was wondering if you could help with an issue I am seeing on a FWSM running 3.1.16. A new ACL has been entered:
1) ACL RULE is :
access-list access_in line 1 extended permit tcp any host x.x.x.x eq 6801 (hitcnt=0)
2) I do a capture to prove the packet is hitting the firewall and the correct interface :
FWSM/VFW(config)# show capture
capture cap type raw-data access-list 169 interface VRF [Capturing - 0 bytes]
FWSM/VFW(config)# show cap cap
1 packet seen, 1 packet captured
1: 17:31:36.1262257688 802.1Q vlan#3098 P0 y.y.y.y.3256 > x.x.x.x.6801: S 3510385702:3510385702(0) win 65535 <mss 1380,nop,nop,sackOK>
1 packet shown
3) However, the packet gets blocked in the firewall. I see no Hits and ASDM log displays (DENY)
Regards Craig
02-27-2013 12:38 PM
Hi,
Is the ACL actually attached to the interface?
access-group access_in in interface VRF
- Jouni
02-27-2013 12:41 PM
Thanks for the response.
Yes, I have the access-list on the correct interface:
access-group access_in in interface VRF
Regards Craig
02-27-2013 12:51 PM
Hi,
Could you share the configuration of the source and destination interface?
- Jouni