
Trying to configure ASA 5505, trying to add access-list rules, any4 is invalid input??

Pete Johnstone
Level 1

As the title says, I'm mostly copying a lot of the config from other devices we have - and while I understand a lot of it, I don't have much experience with Cisco devices, as such I'm running into little bumps along the way.  The devices I'm using to guide me have the following two lines (one is an ASA 5505 and another 5506 if that matters at all, they both have the lines):

access-list inside_mpc extended permit tcp any4 any4 eq www

access-list inside_mpc extended permit tcp any4 any4 eq 8080

For some reason when I type either of these lines into the config on the new 5505 I just get this:

access-list inside_mpc extended permit tcp any4 any4 eq 8080
                                              ^
ERROR: % Invalid input detected at '^' marker.

So, it doesn't like the "any4" designation (the ^ shows up under the first 4), unfortunately it doesn't tell me anything else so I don't know what exactly the issue is.

Accepted Solutions

Dinesh Moudgil
Cisco Employee

Hello Pete,

You don't have to specify the "any4" keyword. "any" would suffice.
Try this

access-list inside_mpc extended permit tcp any any eq 8080
access-list inside_mpc extended permit tcp any any eq www

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

johnlloyd_13
Level 9

Hi,

Is your ASA 5505 pre 9.x image? Could you post a show version output?

Please use the keyword any instead, as any4 was introduced in 9.0(1) to represent 'any' IPv4 traffic only.

See helpful link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/acl_extended.html

You're right, here's the version:

Cisco Adaptive Security Appliance Software Version 8.4(7)
Device Manager Version 7.1(3)

That would explain it, thanks!!!
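
The check this thread arrives at, written out as an added example (not part of the original posts and not Cisco tooling): read the target's version from `show version` and rewrite `any4` to `any` when the image predates 9.0(1). The function names and the remark line in the sample are constructed; flagging `any6` for manual review is an assumption that it shipped alongside `any4`.

```python
import re

# Release that introduced the any4 keyword, per the thread: 9.0(1).
ANY4_INTRODUCED = (9, 0, 1)

def parse_asa_version(show_version_text):
    """Extract (major, minor, maint) from 'show version' output."""
    m = re.search(r"Software Version (\d+)\.(\d+)\((\d+)\)", show_version_text)
    if not m:
        raise ValueError("no ASA software version found")
    return tuple(int(g) for g in m.groups())

def port_acl_lines(lines, target_version):
    """Return (ported_lines, notes) for pasting ACL lines onto target_version."""
    ported, notes = [], []
    pre_9 = target_version < ANY4_INTRODUCED
    for n, line in enumerate(lines, 1):
        tokens = line.split()
        is_acl = len(tokens) > 2 and tokens[0] == "access-list"
        # Remark lines are free text; never rewrite them.
        if not is_acl or tokens[2] == "remark" or not pre_9:
            ported.append(line)
            continue
        if "any6" in tokens:
            # Assumption: any6 arrived with any4, so it needs manual handling.
            notes.append(f"line {n}: any6 not accepted before 9.0(1), review manually")
            ported.append(line)
        elif "any4" in tokens:
            tokens = ["any" if t == "any4" else t for t in tokens]
            notes.append(f"line {n}: any4 -> any")
            ported.append(" ".join(tokens))  # whitespace is normalised
        else:
            ported.append(line)
    return ported, notes

# Version string and ACL lines as quoted in the thread; the remark line is constructed.
SHOW_VERSION = ("Cisco Adaptive Security Appliance Software Version 8.4(7)\n"
                "Device Manager Version 7.1(3)")
SOURCE_ACL = [
    "access-list inside_mpc extended permit tcp any4 any4 eq www",
    "access-list inside_mpc extended permit tcp any4 any4 eq 8080",
    "access-list inside_mpc remark any4 kept as text",
]

if __name__ == "__main__":
    version = parse_asa_version(SHOW_VERSION)
    new_lines, notes = port_acl_lines(SOURCE_ACL, version)
    print("\n".join(new_lines + notes))
```

The rewrite only goes toward the older image. On 9.0(1) and later, `any4` matches IPv4 only, so lines copied in the other direction should be reviewed rather than pasted as-is.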
