ASA5520 access-list configuration?

Nov 4th, 2007

I have two asa5520s, version 7.2(2).


I have used an access-list for the firewall as:


access-list outside extended permit ip object-group mydomain any

access-list outside extended permit icmp object-group mydomain any

access-group outside in interface outside.


I believe that all IP traffic should be allowed from machine AA in the private network behind the inside interface to machine BB in the public network (outside of the outside interface of the asa5520).


(private) AA->asa5520->BB (public)


However, it seems to work for most cases, but it does not work for a certain port.


telnet AA 80 -> it seems to be working fine

telnet AA 3816 -> it does not work.


When I do the packet trace on the asa5520, it says access-list not allowed.


Could anyone advise me what my configuration is missing? How do I correct this problem? Also, how can I see all the implicit rules which are set by default?


Any comments will be appreciated.


Thanks in advance


dhouser Tue, 11/06/2007 - 09:24

Please upload/copy your config so we can see.
