11-14-2013 11:55 AM - edited 03-11-2019 08:05 PM
We have a site that requires access to a single outside address.
No access is required outside to inside.
The inside does require certain ports to be accessed, which are listed as configured in the attached config.
We are unable to access the vendor at the 94.94.94.3 on any port.
Do we need to code an ACL to allow the ports to be accessed both ways, as shown in this object-group service rfguns_tcp tcp?
All of the devices are on the 192.168.223.0 network
If an ACL is needed, what would it be?
Any help appreciated.
Thanks
11-15-2013 05:39 AM
That's it
Glad to know I could help
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
11-14-2013 12:09 PM
Whoops, I sent the wrong attachment. This is the actual config. The vendor IP is not 94.94.94.3; it is as reflected in the config.
11-14-2013 01:03 PM
Please point out what is the source interface and what is the IP address that you are testing from so I can give you an example packet-tracer and simulate traffic.
11-15-2013 04:11 AM
Jumora
The inside is 192.168.223.0, the outside address is 12.163.226.3, and the vendor address we are trying to access on all the ports is 208.40.10.149.
11-14-2013 02:33 PM
So the vendor IP is 208.40.10.149? Right?
If that is the case, then you are allowing this traffic to it:
object-group service rfguns_tcp tcp
description allow mprodigy access to rf guns
port-object eq 9001
port-object eq 9004
port-object eq 9008
port-object eq 9009
port-object eq www
port-object eq https
object-group service rfguns_udp udp
description allow mprodigy access to rf guns
port-object eq 9002
Add the following:
no route inside 0.0.0.0 255.255.255.0 192.168.223.254
On which port are you connecting, and from which IP address?
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
11-15-2013 04:08 AM
Thank you much for responding.
Yes the vendor is 208.40.10.149.
All of the inside address range 192.168.223.0 needs to be able to access it on the TCP ports listed in
object-group service rfguns_tcp tcp
and the one UDP port in the config, rfguns_udp udp.
11-15-2013 05:22 AM
Julio
One other thing I want to do is to deny the inside network 192.168.223.0 access to any other address except the vendor address of 208.40.10.149. What is the proper ACL to do that?
FYI
Removing the route is what made this work, along with making sure the gateway, which is the inside address of the FW, was present in the IP config.
I will rate it.
Thanks
11-15-2013 06:31 AM
Julio
Did you see this question I also asked?
One other thing I want to do is to deny the inside network 192.168.223.0 access to any other address except the vendor address of 208.40.10.149. What is the proper ACL to do that?
11-15-2013 06:41 AM
You are already doing it.
With the configuration you have, you are allowing traffic to only that IP address.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
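For readers who want to see the whole policy the thread arrives at in one place, here is an added example of what the inside-interface access policy and the routing fix look like on an ASA (8.3 or later syntax). It is not the poster's attached config and not code from anyone in the thread. The object-group names, port numbers, the inside network, the outside address and the vendor host are taken from the posts; the interface names "inside" and "outside", the object names "inside_net" and "vendor_host", the ACL name "inside_in" and the outside next hop 12.163.226.1 are assumptions, and NAT is left out.

```cisco
! Added example, not the original thread's config. Assumed names: inside_net,
! vendor_host, inside_in, interfaces "inside"/"outside", next hop 12.163.226.1.
object network inside_net
 subnet 192.168.223.0 255.255.255.0
object network vendor_host
 host 208.40.10.149
!
! Service groups as quoted in the thread.
object-group service rfguns_tcp tcp
 description allow mprodigy access to rf guns
 port-object eq 9001
 port-object eq 9004
 port-object eq 9008
 port-object eq 9009
 port-object eq www
 port-object eq https
object-group service rfguns_udp udp
 description allow mprodigy access to rf guns
 port-object eq 9002
!
! Inbound on the inside interface: permit only the vendor host on the listed
! ports. The ACL ends with an implicit deny, so every other destination from
! 192.168.223.0/24 is dropped without a separate rule. The explicit deny with
! "log" is optional; it makes the blocked attempts visible in syslog.
access-list inside_in extended permit tcp object inside_net object vendor_host object-group rfguns_tcp
access-list inside_in extended permit udp object inside_net object vendor_host object-group rfguns_udp
access-list inside_in extended deny ip any any log
access-group inside_in in interface inside
!
! No access-group is applied inbound on outside, so unsolicited outside-to-inside
! traffic is denied by default; return traffic for the permitted flows is
! allowed by the ASA's stateful inspection.
!
! Routing: the default route must point at the outside next hop. A default route
! pointing back into the inside network (the thread's fault) sends the vendor
! traffic the wrong way regardless of what the ACL permits.
route outside 0.0.0.0 0.0.0.0 12.163.226.1 1
!
! Verification: the first trace should end in ALLOW, the second in DROP.
packet-tracer input inside tcp 192.168.223.10 40000 208.40.10.149 9001
packet-tracer input inside tcp 192.168.223.10 40000 203.0.113.10 80
```

After applying, `show route` should list the default route on outside only, and `show access-list inside_in` shows hit counts per rule, which is the quickest way to confirm the deny line is catching traffic to non-vendor addresses.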