07-20-2007 11:46 PM - edited 03-11-2019 03:47 AM
Hi all,
I need some help in configuring downloadable ACLs on an ASA.
I have configured a downloadable ACL on the ASA as follows: permit tcp host 2.1.1.2 host 1.1.1.2 eq 80. I get authenticated successfully, but I get an error saying ACL authorization denied. The ACL gets downloaded on the ASA and I am able to browse the web page on 1.1.1.2.
I am using telnet to authenticate. The access list for permitting telnet traffic on the outside interface is: access-l 101 permit tcp host 2.1.1.2 host 1.1.1.2 eq 23. I have used the per-user-override option in the access-group command: access-group 101 in int outside per-user-override.
My query is, can I permit a specific port number in the downloadable ACL? Also, why am I getting the authorization denied error?
The config guide for 7.2.2 mentions no usage of port numbers in the ACLs. Only udp, tcp or ip traffic is directly permitted / denied.
Waiting for a reply.
Thanks.
Regards,
Kirti.
07-26-2007 09:18 AM
I think you can use port numbers on downloadable ACLs. The authorization denied message means that the access list check failed; either it matched a deny, or it matched nothing, such as an implicit deny. The following link may help you:
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/aaarules.html
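Putting the pieces of the question together as an added configuration example (not from either poster): the ASA side as quoted above, plus one way of returning the per-user ACL from RADIUS. The AAA server name, its address and the shared secret are assumed placeholders, and the RADIUS portion is shown as comments because it is configured on the server, not on the ASA.

```text
! ASA side (constructed example based on the commands quoted in the question)
! Interface ACL: only the telnet session used for authentication is allowed in
access-list 101 extended permit tcp host 2.1.1.2 host 1.1.1.2 eq 23
! per-user-override lets a downloaded per-user ACL replace ACL 101 for that user's traffic
access-group 101 in interface outside per-user-override
!
! AAA server (name, address and key are assumed placeholders)
aaa-server ACS protocol radius
aaa-server ACS (inside) host 10.0.0.5
 key EXAMPLE-SHARED-SECRET
!
! Cut-through authentication is triggered by telnet to 1.1.1.2
access-list AUTH extended permit tcp any host 1.1.1.2 eq 23
aaa authentication match AUTH outside ACS
!
! RADIUS side: the per-user ACL is returned in the Cisco vendor-specific attribute
! (cisco-av-pair) on successful authentication. A port number is allowed, as the reply
! above confirms:
!   cisco-av-pair = ip:inacl#1=permit tcp host 2.1.1.2 host 1.1.1.2 eq 80
! Any of this user's traffic not matched by the downloaded entries hits the implicit
! deny at the end of the per-user ACL, which is what the authorization denied message
! reports.
```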
07-26-2007 09:53 AM
Yeah, thanks for the response. Yes, port numbers do work fine. The link refers to the config guide.
Thanks,
Kirti