ASA ACL Issue

Unanswered Question
May 7th, 2008

Recently I experienced an issue with an ACL where the ASA denied traffic where there was an explicit allow statement properly placed in the list.

This happened after some changes to the list were made. A few entries were marked inactive and a few were removed. This was done in the ASDM.

To remedy the issue I was forced to remove the rule allowing the traffic and re-add it.

I would like to avoid this behavior in the future so if anyone can shed some light on the problem I would appreciate it.

Thanks,

smahbub Tue, 05/13/2008 - 13:08

After an ACL is created it should be bound with the statement defining the reason for which the ACL has been created (example: NAT uses an ACL). Similarly, only one ACL can be created on an interface in a particular direction (IN/OUT) of traffic. Once the ACL is removed, the statement to which the ACL is bound loses the ACL. So when the ACL is created again it should be linked with the statement meant for the purpose for which the ACL was created.

Refer to the following URL for the guide "PIX/ASA 7.x ASDM: Restrict the Network Access of Remote Access VPN Users", which will help you to understand the ACL configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml
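As an added illustration of the binding the reply describes (this is not configuration from the thread; the ACL name, interface name and addresses are made-up examples), the ASA CLI fragment below shows an ACL with one entry marked inactive, the access-group statement that applies it to an interface, and the commands to confirm the binding is still present after the list has been edited:

```text
! Constructed example: an interface ACL named OUTSIDE_IN.
! The "inactive" keyword is what ASDM sets when an entry is marked inactive;
! the entry stays in the configuration but is not evaluated.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.11 eq 25 inactive
access-list OUTSIDE_IN extended deny ip any any
!
! The ACL filters nothing until it is bound to an interface and direction.
! Only one ACL can be applied per interface per direction; applying another
! access-group for the same interface/direction replaces this one.
access-group OUTSIDE_IN in interface outside
!
! Check 1: after any edit (CLI or ASDM), confirm the binding survived.
! If the binding is gone, the list is no longer filtering the interface
! and must be re-applied with the access-group command above.
ciscoasa# show running-config access-group
!
! Check 2: list the entries with their hit counters. An entry that is
! expected to permit traffic but shows no hits, or an entry still marked
! inactive, points to the list rather than the binding.
ciscoasa# show access-list OUTSIDE_IN
!
! Caveat: if every entry of the ACL is removed (for example with
! "clear configure access-list OUTSIDE_IN"), the ASA also drops the
! access-group binding, so re-adding the entries alone does not
! re-apply the list; the access-group command must be entered again.
```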
