access-list to outbound statement conversion

msrohman
Level 1

I'm in the middle of converting 'outbound/apply' statements to ACL statements. However, I need to add a few more 'outbound' statements to production. I'm very comfortable with ACLs, but I never figured out how to efficiently use 'outbound/apply' statements.

How would I convert the following ACL statement to an 'outbound/apply' statement?

access-list inside_acl permit tcp 10.200.98.0 255.255.255.0 host 194.232.23.13 eq 80

access-group inside_acl in interface inside

Thanks,

Mike

Accepted Solution

Oops, sorry Mike, a mistake. The apply should be

apply (inside) 1 outgoing_dest

since 194.232.23.13 is your destination IP address.

If you want to block both source and destination as given in the ACL, you need to define 2 outbounds/apply statements:

access-list inside_acl permit tcp 10.200.98.0 255.255.255.0 host 194.232.23.13 eq 80

outbound 1 deny 0 0

outbound 1 permit 194.232.23.13 255.255.255.255 80 tcp

apply (inside) 1 outgoing_dest

outbound 2 deny 0 0

outbound 2 permit 10.200.98.0 255.255.255.0 80 tcp

apply (inside) 2 outgoing_src

since 10.200 is the source IP

This is really a confusing task, so stick with ACLs. Rate replies if found useful.

Raj

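The conversion Raj describes, as an added Python example that is not from the thread or from Cisco: it parses one permit ACE of the shape shown above and emits the deny-all list plus a permit for the destination (applied with outgoing_dest) and another for the source (applied with outgoing_src). It goes slightly beyond the single case in the thread: an `any` side gets no list at all, and list ids are allocated from an assumed `first_list_id` parameter so the output can follow lists already in the configuration. It only emits the outbound/apply forms used in the thread; ACEs it cannot express that tightly (deny entries, port names such as `eq www`, tcp/udp without a port) are rejected rather than turned into a looser rule.

```python
"""Translate one PIX access-list entry into outbound/apply statements.

Added example, not code from the thread. It implements the mapping in the
accepted answer: a deny-all list plus a permit for the destination, applied
with outgoing_dest, and a second list for the source, applied with
outgoing_src. Each apply refers to the id of the list it applies.
"""
import re

# Accepts: access-list NAME permit|deny PROTO SRC DST [eq PORT]
# where SRC/DST is 'host A.B.C.D', 'any', or 'A.B.C.D MASK'.
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>host\s+\S+|any|\S+\s+\S+)\s+"
    r"(?P<dst>host\s+\S+|any|\S+\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\d+))?\s*$"
)


def _addr(clause):
    """Return (ip, mask) for an ACL address clause, or None for 'any'."""
    parts = clause.split()
    if parts[0] == "any":
        return None
    if parts[0] == "host":
        return parts[1], "255.255.255.255"
    return parts[0], parts[1]


def _permit_line(list_id, addr, port, proto):
    """Build the 'outbound N permit ip mask [port proto]' line."""
    ip, mask = addr
    line = f"outbound {list_id} permit {ip} {mask}"
    if port is not None:
        line += f" {port} {proto}"
    return line


def acl_to_outbound(acl_line, interface, first_list_id=1):
    """Return the outbound/apply lines equivalent to one permit ACE.

    Only the ACE shapes seen in the thread are accepted: tcp/udp with an
    'eq <port>', or ip with no port. Anything else raises ValueError
    instead of producing a rule looser than the original.
    """
    m = ACL_RE.match(acl_line.strip())
    if not m:
        raise ValueError(f"unsupported ACL syntax: {acl_line!r}")
    if m["action"] != "permit":
        raise ValueError("only permit entries map onto the deny-all/permit pattern")
    proto, port = m["proto"], m["port"]
    if proto in ("tcp", "udp") and port is None:
        raise ValueError("tcp/udp entries need 'eq <port>' to be expressed as outbound")
    if proto not in ("tcp", "udp", "ip") or (proto == "ip" and port is not None):
        raise ValueError(f"unsupported protocol/port combination: {proto} {port}")

    out = []
    list_id = first_list_id
    # Destination side first, as in the accepted answer (outgoing_dest),
    # then the source side (outgoing_src). Each list opens with deny-all.
    for clause, direction in ((m["dst"], "outgoing_dest"), (m["src"], "outgoing_src")):
        addr = _addr(clause)
        if addr is None:
            continue  # 'any' on this side imposes no restriction: no list needed
        out.append(f"outbound {list_id} deny 0 0")
        out.append(_permit_line(list_id, addr, port, proto))
        out.append(f"apply ({interface}) {list_id} {direction}")
        list_id += 1
    return out


if __name__ == "__main__":
    # The entry from the thread.
    ACE = ("access-list inside_acl permit tcp 10.200.98.0 255.255.255.0 "
           "host 194.232.23.13 eq 80")
    print("\n".join(acl_to_outbound(ACE, "inside")))
```

Run it and the two lists for the ACE in this thread come out with list 1 applied as outgoing_dest and list 2 applied as outgoing_src; a deny ACE or an entry without a port stops with a ValueError so nothing looser than the ACL is pasted into production.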

3 Replies

sachinraja
Level 9

Hi Mike,

You can use the following:

outbound 1 deny 0 0

outbound 1 permit 194.232.23.13 255.255.255.255 80 tcp

other outbound statements

apply (inside) 1 outgoing_src

This will allow all traffic from inside to the IP 194.x.x.x on port 80 and deny the rest of the traffic.

Why are you going back to outbounds from ACLs? ACLs have greater flexibility and are easy to operate. I advise you not to convert back to outbounds.

HTH

Raj


Thanks for the help.

I'm actually in the middle of converting the 'outbound' statements to ACLs in a text file.

I haven't applied any ACLs yet. But I'm definitely going to get this conversion completed in the next week or two. Outbounds are more difficult than ACLs.

Thanks again,

Mike