ASA5520 access-list configuration?

Nov 4th, 2007

I have two ASA5520s, version 7.2(2).

I have used an access-list for the firewall as:

access-list outside extended permit ip object-group mydomain any

access-list outside extended permit icmp object-group mydomain any

access-group outside in interface outside.

I believe that all the IP traffic should be allowed from machine AA in the private network behind the inside interface to a machine BB in the public network (outside of the outside interface of the ASA5520).

(private) AA->asa5520->BB (public)

However, it seems to work for most cases, but it does not work for certain ports.

telnet AA 80 -> it seems to be working fine

telnet AA 3816 -> it does not work.

When I do the packet trace on the ASA5520, it says access-list not allowed.

Could anyone advise me what my configuration is missing? How do I correct this problem? And also, how can I see all the implicit rules which are set by default?

Any comments will be appreciated.

Thanks in advance.

dhouser Tue, 11/06/2007 - 09:24

Please upload/copy your config so we can see.

