Why can't I connect to the internal server when I remove the ACL any any?

cwhlaw2009
Beginner

Dear All,

I set some rules on an ASA 5512 Ver 9.5(2) using ASDM ver 7.5(2) and found a problem.

When I remove "access-list WAN1_to_inside extended permit ip any any", I can't connect to ERPServer. Why?

object network ERPServer
  host 192.168.1.250

object network NETWORK_OBJ_192.168.1.0_24
  subnet 192.168.1.0 255.255.255.0

object service 12322
  service tcp source eq 12322

object network WAN1_Inside_Network
  subnet 192.168.1.0 255.255.255.0
  description for inside to outside use WTT

object service 12443
  service tcp source eq 12443

object service 443
  service tcp source eq https

access-list Local_Network standard permit 192.168.1.0 255.255.255.0
access-list WAN1_to_inside extended permit object 12322 any object ERPServer inactive
access-list WAN1_to_inside extended permit object 12443 any object ERPServer inactive
access-list WAN1_to_inside extended permit ip any any
access-list inside_to_outside extended permit ip any any

pager lines 24
logging enable
logging asdm informational
mtu WAN1 1500
mtu WAN2 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-752.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected

nat (inside,WAN1) source static ERPServer interface service 22 12322 inactive
nat (inside,WAN1) source static ERPServer interface service 443 12443 inactive

4 Replies