asa firewall access list

Unanswered Question
Mar 20th, 2007

Hi all, can anyone tell me why creating an access list allowing an IP subnet to another one through my firewall would not let me connect remotely to the PC until I added the TCP port of the program in? I thought ip would have covered this.

cheers

acomiskey Tue, 03/20/2007 - 18:47

It does not function that way; ip is all-encompassing. For instance, if I had...

access-list 100 permit ip any any

I would not need

access-list 100 permit tcp any any eq 3389

Post the ACLs you were using. Are you sure you had the ACL applied?

carl_townshend Wed, 03/21/2007 - 02:14

Hi

Here are the ACLs. For some reason I have had to allow the port in to dial into the machine. It would not work without.

access-list inside-vlan_access_in extended permit ip 172.16.0.0 255.255.0.0 any

access-list inside-vlan_access_in extended permit ip 172.24.0.0 255.255.0.0 any

access-list inside-vlan_access_in extended permit ip 172.23.0.0 255.255.0.0 any

access-list inside-vlan_access_in extended permit ip 172.17.0.0 255.255.0.0 any
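An added illustration of the matching rule discussed in this thread (not code from any poster): a small Python model of first-match ACL evaluation, run against the ACL lines posted above. It is a simplified model that assumes numeric `eq` ports only, and any flows checked with it are constructed.

```python
import ipaddress

# ACL lines copied from the thread (ASA syntax uses a netmask, not a wildcard).
ACL = """\
access-list inside-vlan_access_in extended permit ip 172.16.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.24.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.23.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.17.0.0 255.255.0.0 any
"""

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK' from the token list; return a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_ace(line):
    """Split one access-list line into (action, protocol, src, dst, port)."""
    tokens = line.split()[2:]            # drop 'access-list NAME'
    if tokens[0] == "extended":
        tokens.pop(0)
    action, proto = tokens.pop(0), tokens.pop(0)
    src = parse_addr(tokens)
    dst = parse_addr(tokens)
    # Simplification: only a numeric 'eq PORT' on the destination is modelled.
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl_text, proto, src, dst, dport=None):
    """First match wins; 'ip' matches every IP protocol; no match is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, line in enumerate(acl_text.strip().splitlines(), 1):
        action, ace_proto, ace_src, ace_dst, ace_port = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if s not in ace_src or d not in ace_dst:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, n                 # matching line number, 1-based
    return "deny", None                  # implicit deny at the end of every ACL
```

A TCP flow whose source falls inside one of the four listed /16 subnets is permitted by the `ip` entry with no port entry needed, while a flow sourced from any other address reaches the implicit deny.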
