
Clients are not hitting policy when there are too many users

Hi Team

I am facing a problem with my Cisco ASA policy:

I am running ASA version 8.0(4)

My config is as follows:

interface Ethernet0/0
nameif inside
security-level 100
ip address 10.38.100.162 255.255.255.0

interface Ethernet0/1
nameif outside
security-level 0
ip address 10.38.150.4 255.255.255.0

access-list outbound extended permit ip 10.38.107.0 255.255.255.0 host A.B.C.D log # This is the policy that is working with a few hosts in the 10.38.107.0 subnet

But when too many hosts log in, this policy fails and there is no hit on the policy.

But at the same time, if I apply the below policy to permit all and disable the above policy, it works:

access-list outbound extended permit ip 10.38.0.0 255.255.0.0 any

It starts working for the same subnet for which it stopped working previously.

I am using no nat for the whole subnet as natting is working in the router.

It is really confusing that the above policy works for a few hosts, and if enough users log in, the policy stops working and we need to allow the complete subnet.

The IP access is A.B.C.D

Any help will be appreciated.

Thanks


Kureli Sankar
Cisco Employee

How did you gather it is not working when there are many hosts?

What do you mean it is not working?

Is it allowing access but not logging? I see that you have the "log" keyword.

What do the logs show when you say it breaks?

In the second access-list that you add, you are adding "any" for the destination, whereas the one before had a specific destination.

Pls. clarify.

-KS
