Solved: NEtWORK ACCESS

fb_webuser · ‎09-21-2012

Needing help with ASA Firwall matter... adding or exchaning Ip address to allow for access

---

Posted by WebUser Regina Hooks from Cisco Support Community App

Jennifer Halim · ‎09-25-2012

Hmm.. what is the exact access-list line that you need to change?

The original access-list that you posted doesn't have "www" at the end.

This is the one that you posted originally:

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.199.**587

If it does have "www" at the end, then yes, just copy the exact line and just change the ip address and leave everything else in the acl as is.

So if the line says:

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.199.** eq www

Just change the ip address that you want to change:

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.200.** eq www

View solution in original post

Jennifer Halim · ‎09-21-2012

Pls share your current config, and advise what exactly you would need to add or exchange and we can help with the exact commands.

fb_webuser · ‎09-24-2012

See the 70. IPs below I need to change those to the correct ones, they are no longer valid.

access-list Acl-Internet-Ingress extended permit tcp any host 70.166.**.** eq 3389

access-list Acl-Internet-Ingress extended permit tcp any host 70.166.**.** eq smtp

access-list Acl-Internet-Ingress extended permit tcp any host 70.166.**.** eq www

access-list Acl-Internet-Ingress extended permit tcp any host 70.166.**.* eq pptp

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.199.**587

---

Posted by WebUser Regina Hooks from Cisco Support Community App

Jennifer Halim · ‎09-24-2012

Just configure the new access-list line with the correct ip address and then remove the line that has the incorrect IP.

Eg:

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.200.**587

no access-list Acl-Internet-Ingress extended permit tcp any host 70.**.199.**587

fb_webuser · ‎09-24-2012

What's the commands to do that?

---

Posted by WebUser Regina Hooks from Cisco Support Community App

Jennifer Halim · ‎09-24-2012

The example that i gave above is the command to do it.

fb_webuser · ‎09-25-2012

I appologize Halijenn, i must be missing something... I should put in: ( access-list Acl-Internet-Ingress extended permit tcp any host 70.*.200.*587) using the 587 at the end? Instead of www ?

---

Posted by WebUser Regina Hooks from Cisco Support Community App

Jennifer Halim · ‎09-25-2012

Hmm.. what is the exact access-list line that you need to change?

The original access-list that you posted doesn't have "www" at the end.

This is the one that you posted originally:

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.199.**587

If it does have "www" at the end, then yes, just copy the exact line and just change the ip address and leave everything else in the acl as is.

So if the line says:

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.199.** eq www

Just change the ip address that you want to change:

access-list Acl-Internet-Ingress extended permit tcp any host 70.**.200.** eq www

fb_webuser · ‎09-26-2012

thx will try again

---

Posted by WebUser Regina Hooks from Cisco Support Community App

fb_webuser · ‎10-29-2012

pls i need to ASA firewall Solutions materials for study."very important"

---

Posted by WebUser Mohamed Ezzat from Cisco Support Community App

Jennifer Halim · ‎10-29-2012

Here is a number of Cisco Press book for ASA:

http://www.ciscopress.com/search/index.asp?query=ASA

Cisco ASA, PIX, and FWSM Firewall Handbook, 2nd Edition

Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, 2nd Edition