
Trying to configure firewall rule but acl-drop is denied...what is my issue?

kkonovalov

I am trying to allow ip 162.213.47.1/24 and Ranges below.

Firewall must allow access to our MarcomCentral® Servers

 CIDR Format: 162.213.47.0/24

 Netrange Format (Range of IP addresses): 162.213.47.1-254

 If desired, ports can be restricted to 80 and 443 (required for traffic on internet)

I am trying to get this company PTI that has the 162.213.47.0/24 addresses to be able to access our outside network and pass data through.

After setting up the rules I can see that I am getting hits, so data is moving. However, when running a packet trace the acl-drop is denied by the #13 configured rule. I don't understand why my rule isn't working. It should allow those IPs to pass data to our side.

1 Reply

Could you try to issue a different packet tracer as follows:

packet-tracer input outside tcp 162.213.47.129 1234 <your public IP> 80 detail

If you are trying to allow web access via 80 and 443 to your internal servers, then you need to also make sure that they have static NAT and that the ASA has a route to their subnet if it is not directly connected to the ASA.

--

Please remember to select a correct answer and rate helpful posts
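
The three items the reply names (an inbound permit for 162.213.47.0/24 on ports 80 and 443, static NAT for the internal server, and a route to its subnet) written out as an ASA configuration, added here as an example that is not part of either post. It assumes ASA 8.3 or later syntax and interfaces named `inside` and `outside`; the object and ACL names, the server addresses (10.10.10.10 real, 192.0.2.10 public) and the next hop are placeholders.

```cisco
! Added example. Assumptions: ASA 8.3+ syntax, nameif "inside"/"outside".
! WEB-SRV, OUTSIDE_IN and every address except 162.213.47.0/24 are placeholders.

! Static NAT: publish the internal server on a public address.
object network WEB-SRV
 host 10.10.10.10
 nat (inside,outside) static 192.0.2.10

! Inbound permit for the vendor range, limited to HTTP and HTTPS.
! The source is written as network address plus mask (162.213.47.0/24).
! On 8.3+ the destination in the ACL is the server's real address,
! which is what "object WEB-SRV" resolves to, not the public one.
access-list OUTSIDE_IN extended permit tcp 162.213.47.0 255.255.255.0 object WEB-SRV eq www
access-list OUTSIDE_IN extended permit tcp 162.213.47.0 255.255.255.0 object WEB-SRV eq https

! The ACL is only evaluated once it is bound to the interface.
! Entries match top-down and anything unmatched hits the implicit deny.
access-group OUTSIDE_IN in interface outside

! Needed only when the server subnet is not directly connected to the ASA.
route inside 10.10.10.0 255.255.255.0 10.10.1.1

! Verification (exec mode, not configuration): trace from a vendor source
! address to the PUBLIC address, once per permitted port.
! packet-tracer input outside tcp 162.213.47.129 1234 192.0.2.10 80 detail
! packet-tracer input outside tcp 162.213.47.129 1234 192.0.2.10 443 detail
```

In the `detail` output, the UN-NAT phase shows which translation matched and the ACCESS-LIST phase shows which entry permitted or dropped the flow.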
