
USING NAME IN ACL ASA 9.1

cdarren
Level 1

Hi All,

I generally do not use the name feature when configuring ACLs, but this customer wishes to use it.

I have turned on names and added the specific name-to-IP mappings, but am unable to see them being applied to the ACL regardless of what I do. I have used the feature before and do not recall having this issue.

What am I doing wrong?

Thanks

names
name 59.100.70.133 H-59.100.70.133-NAT
name 59.100.70.134 H-59.100.70.134-NAT
name 10.161.104.5 FPMB1PRX01-BOND2
name 10.161.104.4 FPMB1PRX01-BOND1
name 10.161.104.3 FPMB1PRX01-BOND0
name 10.161.104.2 FPMB1PRX01
name 10.161.104.6 FPMB1PRX02
name 192.168.102.1 FPMB1DRV21
name 10.161.192.1 FPMB1RAC01
name 10.161.192.2 FPMB1RAC02
name 10.161.192.12 FPMB1BIP01
name 10.161.22.58 FPMB1OEM01
name 10.161.22.54 FPMB1EBS12
name 10.161.22.63 FPMB1ORA11
name 10.161.194.1 FPMB1RAC03
name 10.161.22.59 FPMB1DRV11
name 10.161.194.2 FPMB1RAC04
name 10.161.194.4 FPMB1RAC04-VIP
name 10.161.194.3 FPMB1RAC03-VIP
name 10.161.22.99 FPMB1CAN01

access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.5 host 192.168.102.1 eq 8888
access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.3 host 192.168.102.1 eq 8888
access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.2 host 192.168.102.1 eq 8888
access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.6 host 192.168.102.1 eq 8888
access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.5 host 192.168.102.1 eq 8887
access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.3 host 192.168.102.1 eq 8887
access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.2 host 192.168.102.1 eq 8887
access-list DMZ4_ACCESS_IN extended permit tcp host 10.161.104.6 host 192.168.102.1 eq 8887

1 Reply

Julio Carvajal
VIP Alumni

Hello Darren,

http://www.cisco.com/en/US/docs/security/asa/asa91/command/reference/n.html#wp1811949

8.3(1)

You can no longer use a named IP address in a nat command or an access-list command; you must use object network names instead. Although network-object commands in an object group accept object network names, you can still also use a named IP address identified by the name command.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
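The object-based form of the ACL from the question, written as an added example rather than configuration taken from either post. It keeps the poster's host addresses, ports and ACL name; the object and object-group names, and the assumption that the inside interface is called DMZ4, are my own. The four source hosts and two ports that took eight ACEs collapse into a single access-list line, and the hostnames now appear in the running configuration because they are object names, not `name` aliases:

```cisco
! Network objects replace the name/IP aliases for anything referenced by an ACL (ASA 8.3 and later).
! Object names are hypothetical; they reuse the poster's own hostnames so the ACL stays readable.
object network FPMB1PRX01
 host 10.161.104.2
object network FPMB1PRX01-BOND0
 host 10.161.104.3
object network FPMB1PRX01-BOND2
 host 10.161.104.5
object network FPMB1PRX02
 host 10.161.104.6
object network FPMB1DRV21
 host 192.168.102.1
!
! Group the four proxy addresses that share the same policy (10.161.104.4 / BOND1 is not in the original ACL, so it is left out).
object-group network DMZ4_PROXIES
 network-object object FPMB1PRX01
 network-object object FPMB1PRX01-BOND0
 network-object object FPMB1PRX01-BOND2
 network-object object FPMB1PRX02
!
! One TCP service group for both destination ports.
object-group service DRV21_PORTS tcp
 port-object eq 8887
 port-object eq 8888
!
! One ACE replaces the eight host-based lines; the ASA expands it internally.
access-list DMZ4_ACCESS_IN extended permit tcp object-group DMZ4_PROXIES object FPMB1DRV21 object-group DRV21_PORTS
!
! Apply as before; the interface name DMZ4 is an assumption taken from the ACL name.
access-group DMZ4_ACCESS_IN in interface DMZ4
```

To confirm the expansion and hit counts, run `show access-list DMZ4_ACCESS_IN`; the ASA lists the group line followed by the individual expanded entries, each with its own hit counter. To confirm the policy matches what the eight original ACEs allowed, `packet-tracer input DMZ4 tcp 10.161.104.5 12345 192.168.102.1 8888` should end in an ACCESS-LIST ALLOW result for each of the four sources on each of the two ports, and a DROP for any source or port outside the groups. Adding a `name` entry that matches an object name is unnecessary once the objects exist, since `name` only affects how addresses are displayed in other parts of the configuration.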