
downloadable acls on asa

kirti_bapat

Hi all,

I need some help in configuring downloadable ACLs on ASA.

I have configured a downloadable ACL on the ASA as follows - permit tcp host 2.1.1.2 host 1.1.1.2 eq 80. I get authenticated successfully, but I get an error saying ACL authorization denied. The ACL gets downloaded on the ASA and I am able to browse the webpage on 1.1.1.2.

I am using telnet to authenticate. The access list for permitting telnet traffic on the outside interface is - access-l 101 permit tcp host 2.1.1.2 host 1.1.1.2 eq 23. I have used the per-user-override option in the access-group command - access-group 101 in int outside per-user-override.

My query is, can I permit a specific port no. in the downloadable ACL? Also, why am I getting the authorization denied error?

The config guide of 7.2.2 mentions no usage of port nos. in the ACLs. Directly UDP or TCP or IP traffic is permitted / denied.

Waiting for reply.

Thanks.

Regards

Kirti.

2 Replies

Not applicable

I think you can use port numbers on downloadable ACLs. The authorization denied message means that the access list check failed; either it matched a deny, or it matched nothing, such as an implicit deny. The following link may help you:

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/aaarules.html

Yeah, thanks for the response. Yes, port nos. do work fine. The link refers to the config guide.

Thanks

kirti
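
The reply above says an authorization denial means the flow matched a deny entry or matched nothing (implicit deny). The following is an added example, not part of the thread and not ASA code: a simplified first-match model, with hypothetical helper names, that evaluates the downloaded entry quoted in the question against an HTTP and a Telnet flow between the same two hosts.

```python
# Added illustration: simplified first-match ACL evaluation with implicit deny.
# Handles only the entry form quoted in the thread (numeric ports only):
#   permit|deny <proto> host <src> host <dst> [eq <port>]
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    action: str
    proto: str
    src: str
    dst: str
    port: Optional[int]  # None means any destination port


def parse_entry(line: str) -> Entry:
    tok = line.split()
    ok = len(tok) in (6, 8) and tok[0] in ("permit", "deny")
    ok = ok and tok[2] == "host" and tok[4] == "host"
    ok = ok and (len(tok) == 6 or tok[6] == "eq")
    if not ok:
        raise ValueError(f"unsupported entry: {line!r}")
    port = int(tok[7]) if len(tok) == 8 else None
    return Entry(tok[0], tok[1], tok[3], tok[5], port)


def evaluate(acl: List[Entry], proto: str, src: str, dst: str,
             dport: int) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow; the first matching entry wins."""
    for n, e in enumerate(acl, 1):
        if e.proto not in ("ip", proto):
            continue
        if (e.src, e.dst) != (src, dst):
            continue
        if e.port is not None and e.port != dport:
            continue
        return e.action, f"matched entry {n}"
    return "deny", "implicit deny (no entry matched)"


# The downloadable ACL entry quoted in the question.
DOWNLOADED = [parse_entry("permit tcp host 2.1.1.2 host 1.1.1.2 eq 80")]


def demo() -> dict:
    """Evaluate HTTP (80) and Telnet (23) flows against the downloaded ACL."""
    return {p: evaluate(DOWNLOADED, "tcp", "2.1.1.2", "1.1.1.2", p)
            for p in (80, 23)}


if __name__ == "__main__":
    for port, (verdict, reason) in demo().items():
        print(f"tcp 2.1.1.2 -> 1.1.1.2:{port}: {verdict} ({reason})")
```

In this model the port 80 flow matches the single permit entry, while the port 23 flow matches nothing and falls through to the implicit deny.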
