07-22-2009 07:09 AM - edited 03-11-2019 08:57 AM
I have configured the following ACL, but when I check on the ASDM it is showing as deny. I have checked the config and can't see any issue with it.
Can someone help, here is the config:
name 163.1.158.138 misibm02b
object-group network oucs_training_room
network-object host 192.76.26.39
network-object host 192.76.26.40
network-object host 192.76.26.41
object-group service oracle-ports-02b tcp
port-object eq 8030
port-object eq 9030
port-object eq 8033
port-object eq 9033
port-object eq 1551
port-object eq 1554
port-object eq 8026
port-object eq 9026
port-object eq 1546
port-object eq 1610
access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b
Error on ASDM:
4|Jul 22 2009|11:28:14|106023|192.76.26.41|1134|misibm02b|8030|Deny tcp src outside:192.76.26.41/1134 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
4|Jul 22 2009|11:27:41|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]
07-22-2009 07:46 AM
Output of 'show access-list acl_out' and 'show run access-group' please.
Or try this:
no access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b
access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b
07-23-2009 01:50 AM
Thanks, that worked.
But why would the ASDM not get the command in the right order?
07-22-2009 07:47 AM
Try clearing the ASDM cache, then refresh with the running config.
HTH
07-22-2009 08:21 AM
The reason it is failing is you have the "oracle-ports-02b" in the source part of the ACL, it should only be in the destination part, i.e.
access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b
Give that a whirl and see how you get on.
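Added example, not part of any post in this thread and not Cisco tooling: a small Python check that reads the two ACL lines from the thread, works out whether the service object-group lands in the source-port or destination-port position, and tests the logged packet (source port 1134, destination port 8030) against each. The function names, the shortened port list, and the simplification that the addresses always match are assumptions of the example.

```python
import re

# Constructed from the config posted in this thread (port list shortened).
CONFIG = """\
object-group network oucs_training_room
 network-object host 192.76.26.41
object-group service oracle-ports-02b tcp
 port-object eq 8030
 port-object eq 9030
"""
ORIGINAL = ("access-list acl_out extended permit tcp object-group oucs_training_room "
            "object-group oracle-ports-02b host misibm02b")
CORRECTED = ("access-list acl_out extended permit tcp object-group oucs_training_room "
             "host misibm02b object-group oracle-ports-02b")

def service_groups(config):
    """Map each service object-group name to its set of 'eq' ports."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group (\w+) (\S+)", line)
        if m:  # only service groups can appear in a port position
            current = groups.setdefault(m.group(2), set()) if m.group(1) == "service" else None
        elif current is not None and (p := re.match(r"\s*port-object eq (\d+)", line)):
            current.add(int(p.group(1)))
    return groups

def parse_ace(ace, svc):
    """Return (src_ports, dst_ports) for one ACE; None means any port.
    Only 'object-group' port specs are handled, not 'eq'/'range' operators."""
    tokens = ace.split()[5:]  # skip: access-list NAME extended ACTION PROTO
    def address():            # 'any' is one token; host/object-group/ip+mask are two
        if tokens.pop(0) != "any":
            tokens.pop(0)
    def ports():              # optional 'object-group <service group>'
        if len(tokens) >= 2 and tokens[0] == "object-group" and tokens[1] in svc:
            del tokens[0]
            return svc[tokens.pop(0)]
        return None
    address(); src = ports()
    address(); dst = ports()
    return src, dst

def permits(ace, svc, sport, dport):
    # Assumption: source and destination addresses already match the ACE.
    src, dst = parse_ace(ace, svc)
    return (src is None or sport in src) and (dst is None or dport in dst)

def lint(ace, svc):
    src, dst = parse_ace(ace, svc)
    return "service group restricts SOURCE port only" if src and dst is None else None
```

With the original line the client's ephemeral source port has to be one of the Oracle ports, so the packet falls through to the implicit deny; with the corrected line the same packet matches on destination port 8030.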
07-23-2009 01:50 AM
But why would the ASDM not get the command in the right order?