Trouble with ACLs

fncnet2005
Level 1

Hello all,

I have an ASA5510 running 7.2 and asdm 5.2.

I am trying to set up a Web server on the DMZ. I need it to be able to communicate with an internal mail server. I followed the example in the getting started guide, but am running into a problem. On the webserver, I am running NTP, and what is happening is that the return packets to my webserver's NTP queries are being dropped. Now my question: if the webserver on the DMZ initiates comms with the outside, shouldn't the return packets be allowed, or will I have to edit the ACL to explicitly allow the return packets? Furthermore, there is only "incoming" and "outgoing" in ASDM. Where is the "established"?

2 Replies

acomiskey
Level 10

What do your ACLs look like?

If you created an ACL "in interface DMZ", you will have to permit everything you want to go outbound, including UDP 123 (NTP), before the explicit deny any any at the end of the ACL.

Most likely the ASA is not blocking the return traffic; it is probably blocking traffic into the DMZ interface, as it is stateful and does not need an "established" keyword.
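The fix acomiskey describes, written out as ASA CLI configuration. This is an added example, not configuration posted in the thread: the interface name DMZ is taken from the reply, while the ACL name DMZ_access_in, the web server address 192.0.2.10, the internal mail server 10.0.0.25, the external NTP server 203.0.113.5 and the SMTP rule are all assumed placeholders. It goes slightly beyond the thread by also showing the mail-server rule the original question needed and the commands used to confirm the rule is being hit.

```cisco
! Added example (not from the thread). Assumed: interface named DMZ,
! web server 192.0.2.10 on the DMZ, internal mail server 10.0.0.25,
! external NTP server 203.0.113.5, and ACL name DMZ_access_in.
!
! Why the symptom appears: an ACL bound inbound on the DMZ interface ends
! with an implicit deny. Any flow the web server starts that is not
! permitted here never creates a connection entry, so the ASA has nothing
! to match the reply against. No rule for return traffic is needed once
! the outbound flow is permitted; stateful inspection allows its replies.
access-list DMZ_access_in remark -- let the web server query its NTP server (UDP/123)
access-list DMZ_access_in extended permit udp host 192.0.2.10 host 203.0.113.5 eq 123
access-list DMZ_access_in remark -- let the web server hand mail to the internal mail server (TCP/25)
access-list DMZ_access_in extended permit tcp host 192.0.2.10 host 10.0.0.25 eq 25
access-list DMZ_access_in remark -- everything else leaving the DMZ falls through to the implicit deny
!
! Apply the ACL to traffic entering the ASA on the DMZ interface
access-group DMZ_access_in in interface DMZ
!
! Verify: the hit count on the NTP permit line should increase, and a
! simulated query from the web server should end with "Action: allow"
show access-list DMZ_access_in
packet-tracer input DMZ udp 192.0.2.10 40000 203.0.113.5 123
```

If the hit count stays at zero after the web server retries, the query is matching something else: check the deny messages in the log (`show logging | include 106023`) to see which source, destination and port the ASA actually dropped, and adjust the permit line to match that flow rather than widening it to `any any`.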

My bad. That is exactly what was happening. I did not explicitly allow the traffic out. Thanks for your help.
