ASA ACL Issue

nickgoldwater
Level 1

Recently I experienced an issue with an ACL where the ASA denied traffic where there was an explicit allow statement properly placed in the list.

This happened after some changes to the list were made. A few entries were marked inactive and a few were removed. This was done in the ASDM.

To remedy the issue I was forced to remove the rule allowing the traffic and re-add it.

I would like to avoid this behavior in the future so if anyone can shed some light on the problem I would appreciate it.

Thanks,

1 Reply

smahbub
Level 6

After an ACL is created, it should be bound with the statement defining the reason for which the ACL has been created (example: NAT uses an ACL). Similarly, only one ACL can be created on an interface in a particular direction (IN/OUT) of traffic. Once the ACL is removed, the statement to which the ACL is bound loses the ACL. So when the ACL is created again, it should be linked with the statement meant for the purpose for which the ACL was created.

Refer to the following URL for the guide on "PIX/ASA 7.x ASDM: Restrict the Network Access of Remote Access VPN Users", which will help you to understand the ACL configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml
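The binding rules described in the reply above can be checked offline against a saved configuration after ASDM edits. The following is an added example, not part of the original thread or Cisco's tooling: the function name, the sample configuration and its ACL names are constructed, and it only inspects `access-list` and `access-group` lines.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark web and mail servers
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.11 eq 25 inactive
access-list INSIDE_OUT extended permit ip 10.1.0.0 255.255.0.0 any
access-list UNUSED_ACL extended deny ip any any
access-group OUTSIDE_IN in interface outside
access-group DMZ_IN in interface dmz
access-group INSIDE_OUT out interface outside
access-group OLD_OUTSIDE_IN in interface outside
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")

def audit_acl_bindings(config_text):
    """Report ACL/access-group mismatches in an ASA-style config dump."""
    defined = defaultdict(list)   # ACL name -> its ACE bodies (remarks skipped)
    bindings = defaultdict(list)  # (interface, direction) -> bound ACL names
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            aces = defined[m.group(1)]          # registers the ACL name
            if not m.group(2).startswith("remark "):
                aces.append(m.group(2))
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings[(m.group(3), m.group(2))].append(m.group(1))
    bound = {name for names in bindings.values() for name in names}
    inactive = {}
    for name, aces in defined.items():
        hits = [a for a in aces if a.endswith(" inactive")]
        if hits:
            inactive[name] = hits
    return {
        # access-group points at an ACL that no longer exists
        "dangling": sorted(bound - set(defined)),
        # ACL exists but no access-group uses it (NAT, VPN filters and
        # other consumers are not parsed here, so review before deleting)
        "unbound": sorted(set(defined) - bound),
        # more than one ACL named for the same interface and direction
        "conflicts": {k: v for k, v in bindings.items() if len(v) > 1},
        # entries still present but disabled with the inactive keyword
        "inactive": inactive,
    }
```

Running it on a configuration saved before and after a change window shows whether an ACL that was removed and re-created is still referenced by its `access-group` statement.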
