
Problem with Rules Order ACL

r.vanschendel
Beginner

Hi

I have an ASA 5545 with version 9.4(2)11 in routed mode.

And I have problems with the Global ACL.

I started with ACLs on the interfaces and that works fine. I put ACLs on the interfaces with the lowest security and I use the ASA default that traffic is possible from a higher security interface to a lower security interface.

But I have now also built Global ACLs and the problem is that the traffic from the higher security interface to the lower security interface is not working anymore.

It works only when I create in the Global ACL the rule permit any any, just before the deny any any rule.

When I read the documentation I think the order of rules is

1st  Traffic from a higher security interface to a lower security interface.

2nd  Interface ACL

3rd  Global ACL

What could be the problem?

2 Replies

Karsten Iwen
VIP Mentor

The moment there is an ACL in place in a particular direction, the default behavior is not used any more. And if you have configured a rule in the global ACL, then traffic entering the ASA on any interface is subject to the ACLs and defaults are ignored.
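
The evaluation order described in this reply, as a simplified Python model (an added example, not part of the original thread and not Cisco code). Interface names, security levels and ACL contents are constructed, and rules match on interface names only rather than on addresses and ports.

```python
# Simplified model of the verdict an ASA reaches for a new connection entering
# an interface. Assumptions: rules match on interface names only (real ACEs
# match addresses, protocols, ports) and outbound ACLs are ignored.

def first_match(acl, src, dst):
    """Return the action of the first rule matching src/dst, else None."""
    for action, rule_src, rule_dst in acl:
        if rule_src in ("any", src) and rule_dst in ("any", dst):
            return action
    return None

def verdict(src, dst, levels, interface_acls, global_acl):
    """Return (action, deciding_stage) for traffic entering on `src`."""
    in_acl = interface_acls.get(src)
    # The security-level default only applies when no ACL covers this traffic.
    if in_acl is None and not global_acl:
        action = "permit" if levels[src] > levels[dst] else "deny"
        return (action, "security-level default")
    # Otherwise: interface ACL first, then global ACL, then the implicit deny.
    for stage, acl in (("interface ACL", in_acl), ("global ACL", global_acl)):
        action = first_match(acl or [], src, dst)
        if action:
            return (action, stage)
    return ("deny", "implicit deny")

# Constructed sample data (hypothetical interface names and rules).
LEVELS = {"inside": 100, "dmz": 50, "outside": 0}
INTERFACE_ACLS = {"outside": [("permit", "outside", "dmz")]}
GLOBAL_DENY_ONLY = [("deny", "any", "any")]
GLOBAL_WITH_PERMIT = [("permit", "inside", "any"), ("deny", "any", "any")]

if __name__ == "__main__":
    cases = (("no global ACL", []),
             ("global deny only", GLOBAL_DENY_ONLY),
             ("global with inside permit", GLOBAL_WITH_PERMIT))
    for label, global_acl in cases:
        print(label, verdict("inside", "outside", LEVELS, INTERFACE_ACLS, global_acl))
```

`GLOBAL_WITH_PERMIT` permits only traffic entering on `inside`, which restores the higher-to-lower flows without opening every interface the way a blanket `permit any any` does.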

MANI .P
Beginner

Can you do a packet-tracer from outside low to high interface host?

Share configuration as well.

Thanks,

Mani
