03-20-2007 05:35 PM - edited 03-05-2019 03:01 PM
Hi all, can anyone tell me why creating an access list allowing an IP subnet to another one through my firewall would not let me connect remotely to the PC until I added the TCP port of the program in? I thought IP would have covered this?
Cheers
03-20-2007 06:47 PM
It does not function that way; IP is all-encompassing. For instance, if I had...
access-list 100 permit ip any any
I would not need
access-list 100 permit tcp any any eq 3389
Post the ACLs you were using. Are you sure you had the ACL applied?
03-21-2007 02:14 AM
Hi,
Here are the ACLs. For some reason I have had to allow the port in to dial into the machine. It would not work without it.
access-list inside-vlan_access_in extended permit ip 172.16.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.24.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.23.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.17.0.0 255.255.0.0 any
03-21-2007 02:58 AM
I have now sorted the issue; there was an incorrect mask on one of the entries.
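The symptom and resolution in this thread, as an added example that is not part of any poster's message: a small first-match ACL evaluator showing that `permit ip` already covers TCP 3389, and that a wrong mask sends the flow to the implicit deny until a broader port rule is added. The function names, the flow addresses, the `255.255.255.0` mask and the ASA-style port rule are constructed assumptions (the thread does not say which entry or mask was wrong); masks are read as netmasks, as on the ASA.

```python
import ipaddress

def parse_addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A NETMASK' (ASA-style mask)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # strict=False: accept an address that has host bits set under the mask
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def parse_ace(line):
    """Parse 'access-list NAME [extended] ACTION PROTO SRC DST [eq PORT]'."""
    tok = line.split()[2:]              # drop 'access-list' and the ACL name
    if tok[0] == "extended":
        tok = tok[1:]
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = parse_addr(tok)
    dst, tok = parse_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, ace_proto, ace_src, ace_dst, ace_port = parse_ace(line)
        proto_ok = ace_proto in ("ip", proto)      # 'ip' covers tcp, udp, icmp...
        port_ok = ace_port is None or ace_port == dport
        if proto_ok and port_ok and s in ace_src and d in ace_dst:
            return action, line
    return "deny", "implicit deny"

# Entry as posted in the thread, then a constructed variant with a wrong mask.
GOOD = ["access-list inside-vlan_access_in extended permit ip 172.16.0.0 255.255.0.0 any"]
BAD = ["access-list inside-vlan_access_in extended permit ip 172.16.0.0 255.255.255.0 any"]
PORT_RULE = "access-list inside-vlan_access_in extended permit tcp any any eq 3389"
FLOW = ("tcp", "172.16.5.10", "10.1.1.20", 3389)   # constructed RDP connection

if __name__ == "__main__":
    cases = (("good mask", GOOD), ("bad mask", BAD), ("bad mask + port rule", BAD + [PORT_RULE]))
    for name, acl in cases:
        print(f"{name:22} -> {evaluate(acl, *FLOW)}")
```

When a port-specific permit appears to be required on top of a `permit ip` entry, running the failing flow through a check like this shows whether the `ip` entry ever matched, which points at the mask rather than the protocol keyword.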