ACL issue - Urgent Help

Jul 22nd, 2009

I have configured the following ACL, but when I check on the ASDM it is showing me as deny. I have checked the config and can't see any issue with it.

Can someone help, here is the config:

name 163.1.158.138 misibm02b

object-group network oucs_training_room
 network-object host 192.76.26.39
 network-object host 192.76.26.40
 network-object host 192.76.26.41

object-group service oracle-ports-02b tcp
 port-object eq 8030
 port-object eq 9030
 port-object eq 8033
 port-object eq 9033
 port-object eq 1551
 port-object eq 1554
 port-object eq 8026
 port-object eq 9026
 port-object eq 1546
 port-object eq 1610

access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b

Error on ASDM:

4|Jul 22 2009|11:28:14|106023|192.76.26.41|1134|misibm02b|8030|Deny tcp src outside:192.76.26.41/1134 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

4|Jul 22 2009|11:27:41|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

srue Wed, 07/22/2009 - 07:46

output of 'show access-list acl_out' and 'show run access-group' please.

or try this:

no access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b

access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b

handsy Wed, 07/22/2009 - 08:21

The reason it is failing is you have the "oracle-ports-02b" in the source part of the ACL, it should only be in the destination part, i.e.

access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b

Give that a whirl and see how you get on.
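
The mismatch described in the replies above, as an added example that is not part of the original thread: a simplified Python model of how an extended ACE's fields are read in order (source address, optional source port, destination address, optional destination port), checked against the first denied flow from the ASDM log. The helpers parse_ace, permits and flow_from_log are hypothetical names, and the model assumes only the "host" and "object-group" forms used in this thread.

```python
import re

# Objects copied from the configuration posted in the question.
NAMES = {"misibm02b": "163.1.158.138"}
NET_GROUPS = {"oucs_training_room": {"192.76.26.39", "192.76.26.40", "192.76.26.41"}}
SVC_GROUPS = {"oracle-ports-02b": {8030, 9030, 8033, 9033, 1551, 1554, 8026, 9026, 1546, 1610}}

ORIGINAL = ("access-list acl_out extended permit tcp object-group oucs_training_room "
            "object-group oracle-ports-02b host misibm02b")
CORRECTED = ("access-list acl_out extended permit tcp object-group oucs_training_room "
             "host misibm02b object-group oracle-ports-02b")
LOG = ('4|Jul 22 2009|11:28:14|106023|192.76.26.41|1134|misibm02b|8030|Deny tcp src '
       'outside:192.76.26.41/1134 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]')

def parse_ace(line):
    """Return (src_hosts, src_ports, dst_hosts, dst_ports); None means any port.
    Simplified model (hypothetical helper): only 'host X' and 'object-group G'."""
    tok, pos, out = line.split(), 5, []
    if tok[2:5] != ["extended", "permit", "tcp"]:
        raise ValueError("only 'extended permit tcp' entries are modelled")
    for _ in ("source", "destination"):
        kind, value = tok[pos], tok[pos + 1]
        pos += 2
        out.append({NAMES.get(value, value)} if kind == "host" else NET_GROUPS[value])
        # A service object-group binds to the address it directly follows.
        if len(tok) >= pos + 2 and tok[pos] == "object-group" and tok[pos + 1] in SVC_GROUPS:
            out.append(SVC_GROUPS[tok[pos + 1]])
            pos += 2
        else:
            out.append(None)
    return tuple(out)

def permits(ace, sip, sport, dip, dport):
    """True if the flow matches every field of the ACE."""
    s, sp, d, dp = parse_ace(ace)
    return (sip in s and dip in d
            and (sp is None or sport in sp)
            and (dp is None or dport in dp))

def flow_from_log(line):
    """Extract (src_ip, src_port, dst_ip, dst_port) from a 106023 deny message."""
    m = re.search(r"Deny tcp src \w+:([\w.]+)/(\d+) dst \w+:([\w.]+)/(\d+)", line)
    sip, sport, dip, dport = m.groups()
    return NAMES.get(sip, sip), int(sport), NAMES.get(dip, dip), int(dport)

if __name__ == "__main__":
    flow = flow_from_log(LOG)
    print("original permits:", permits(ORIGINAL, *flow))    # source port 1134 is not in the group
    print("corrected permits:", permits(CORRECTED, *flow))  # destination port 8030 is in the group
```

In the original ordering the destination port field is empty, so the entry constrains the client's ephemeral source port and leaves the destination port unrestricted; the corrected ordering restricts the destination to the Oracle ports.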
