Website access

smicale · ‎08-17-2009

My entire Network is behind a ASA 5505 appliance. I am not good at all with the command line and use the ASDM to configure the unit. We were having some issues with employees using certain websites so I went into the ASDM and on the Firewall tab I went to the ACL Manager and added several IP addresses there and set them to DENY so people could not get to them. Now I want to allow one of the sites and I have tried unchecking one of the policies I created and then seeing if I can access the site and I still can not. Any idea why and am I missing something?

andrew.prince · ‎08-17-2009

Did you configure a "Group" of IP addresses, and assigned the group to an ACL?

andrew.prince · ‎08-17-2009

Did you configure a "Group" of IP addresses, and assigned the group to an ACL?

smicale · ‎08-17-2009

No I just went to the Access Rules section on the Firewall tab and added a new rule and entered in the appropriate info.

andrew.prince · ‎08-17-2009

You should be able from the ASDm to "uncheck" the acl entry or if you log into the device on the cli and enter

access-list <> deny ip/tcp/udp src/dst inactive

This will disable the acl entry.

smicale · ‎08-17-2009

That is exactly what I have done from the ASDm, but I still cannot get to the site. That was why I was wondering if there was one more screen I was missing.

andrew.prince · ‎08-17-2009

No - that is the way, try removing the acl from the interface, and confirm you can access the website. Then while the acl is not attached to an interface, make the acl entry "inactive" then re-attach it.

somsh · ‎08-18-2009

could you please share the config.

Thanks

Som