Problem with Rules Order ACL

r.vanschendel
Level 1

Hi

I have an ASA 5545 with version 9.4(2)11 in routed mode.

And I have problems with the Global ACL.

I started with ACLs on the interfaces and that works fine. I put ACLs on the interfaces with the lowest security and I use the ASA default that traffic is possible from a higher security interface to a lower security interface.

But I have now also built Global ACLs and the problem is that the traffic from the higher security interface to the lower security interface is not working anymore.

It works only when I create in the Global ACL the rule permit any any, just before the deny any any rule.

When I read the documentation I think the order of rules is

1st  Traffic from a higher security interface to a lower security interface.

2nd  Interface ACL

3rd  Global ACL

What could be the problem?

The moment there is an ACL in place in a particular direction, the default behavior is not used any more. And if you have configured a rule in the global ACL, then traffic entering the ASA on any interface is subject to the ACLs and defaults are ignored.
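
A simplified model of the lookup order described in this reply, added here as an example (it is not part of the original post and is not Cisco code). The interface names, security levels, addresses, rule sets and the `evaluate` helper are all constructed for illustration; the narrower inside-network permit is one assumed alternative to `permit any any`.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (assumed): interface name -> security level.
LEVEL = {"inside": 100, "dmz": 50, "outside": 0}
ANY = "0.0.0.0/0"

def first_match(acl, src, dst):
    """Return the action of the first ACE matching src/dst, or None."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action
    return None

def evaluate(in_if, out_if, src, dst, interface_acls, global_acl):
    """Decide a new connection: interface ACL, then global ACL, then implicit deny."""
    iface_acl = interface_acls.get(in_if)
    if iface_acl is None and not global_acl:
        # No ACL covers this ingress interface: the security-level default applies.
        allowed = LEVEL[in_if] > LEVEL[out_if]
        return ("permit" if allowed else "deny", "security-level default")
    for name, acl in (("interface ACL", iface_acl), ("global ACL", global_acl)):
        verdict = first_match(acl or [], src, dst)
        if verdict:
            return (verdict, name)
    return ("deny", "implicit deny")

# Constructed rule sets mirroring the thread: an ACL only on the lowest-security
# interface, plus a global ACL that ends in an explicit deny any any.
INTERFACE_ACLS = {"outside": [("permit", ANY, "192.0.2.10/32")]}
GLOBAL_ACL = [("permit", "10.2.0.0/16", "10.1.5.0/24"), ("deny", ANY, ANY)]
# Narrower alternative to "permit any any": name the inside network explicitly.
GLOBAL_ACL_FIXED = [("permit", "10.1.0.0/16", ANY)] + GLOBAL_ACL

def demo():
    flow = ("inside", "outside", "10.1.1.10", "198.51.100.7")
    return {
        "no global ACL": evaluate(*flow, INTERFACE_ACLS, []),
        "global ACL": evaluate(*flow, INTERFACE_ACLS, GLOBAL_ACL),
        "global ACL + inside permit": evaluate(*flow, INTERFACE_ACLS, GLOBAL_ACL_FIXED),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28} -> {result}")
```
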

MANI .P
Level 1

Can you do packet-tracer from outside low to high interface host?

Share configuration as well.

Thanks,

Mani
