Solved: acl creating

jimgurley · ‎02-14-2018

I'm struggling to make a tweak to our ASA5505. A consultant built the original config, and he's no longer available or interested.

I'm trying to open an outbound TCP port to a single IP address, and I just can't find the formula. There aren't any examples in the existing config. I want the entry to be in the second entry. I'm typing

"access-list inside_out extended line 2 permit tcp any host bozo.245.22.71.114 eq 8074"

and I get a response of "invalid input at "^"" where the "^" it at the right margin. I've tried adding an "out" on the end with no change to the result. bozo... is listed in the name section, although I added it. Do you have to "execute" to have a running-config take effect? I struggled last time I did a similar task and gave up and opened an IP without respect to port, which seems an unnecessary risk.

Julio E. Moisa · ‎02-14-2018

Hi

Try with:

access-list inside_out line 2 extended permit tcp any host bozo.245.22.71.114 eq 8074

I have not used words along with an IP address before, so it should be:

access-list inside_out line 2 extended permit tcp any host 245.22.71.114 eq 8074

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Julio E. Moisa · ‎02-14-2018

Hi

Try with:

access-list inside_out line 2 extended permit tcp any host bozo.245.22.71.114 eq 8074

I have not used words along with an IP address before, so it should be:

access-list inside_out line 2 extended permit tcp any host 245.22.71.114 eq 8074

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

jimgurley · ‎02-14-2018

Thx. The order of line/extended fixed it. So much for my Network Professional's Library guidebook! Should have been obvious from the show version, but I trusted the book.