I have a need at a client site where I am working today to modify an Access List on an ASA to allow for a protocol (not port) for a specific application. The client is using Juniper WAN compression devices. After examining netflow output, I see that the Juniper is moving traffic on protocol 108. How is an Access list written to allow for protocol vs. a specific port?
Let's hypothetically say that address 192.168.15.6 is sending protocol 108 traffic to an address 172.16.133.10. The traffic from 15.6 will come into the ASA on the WAN interface, and has to go out the inside interface of the ASA to reach the 172.16.133.10 network. So the ACL on the WAN is the one I have to modify for the specific protocol.
Assuming that your internal ip address of 172.16.133.10 is actually translated/NATed to 22.214.171.124, then the ACL will be as follows on the WAN/outside interface:
access-list outside-acl permit 108 host 192.168.15.6 host 126.96.36.199
Then you probably will already have the following static NAT statement:
static (inside,outside) 188.8.131.52 172.16.133.10 netmask 255.255.255.255
Hope that helps.
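An added illustration, not part of either post: a small Python model of how an ASA walks an ordered ACL, showing why an ACE keyed on a TCP port never matches protocol 108 traffic while an ACE written with the protocol number does. It assumes the behaviour the answer describes (the outside ACL is matched against the translated address), and the ACL lines are constructed from the answer's example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Protocol keywords the ASA accepts in an ACE; "ip" matches any IP protocol.
# A bare number such as 108 is an IANA protocol number, not a port.
PROTO_NAMES = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50}

@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    proto: Optional[int]         # None means "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]         # "eq PORT"; only meaningful for tcp/udp

def _addr(tok):
    """Consume one ASA address spec: 'host A.B.C.D', 'any' or 'NET MASK'."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_ace(line):
    """Parse: access-list NAME permit|deny PROTO SRC DST [eq PORT]."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list line")
    action, proto = tok[2], tok[3]
    if proto == "ip":
        proto_num = None
    else:
        proto_num = PROTO_NAMES[proto] if proto in PROTO_NAMES else int(proto)
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Ace(action, proto_num, src, dst, dport)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching ACE wins; the ASA's implicit deny applies otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if ace.proto is not None and ace.proto != proto:
            continue                      # wrong protocol (e.g. tcp vs 108)
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue                      # port test never matches a port-less protocol
        return ace.action
    return "deny"

# Constructed outside ACL: a port-based ACE plus the answer's protocol-108 ACE.
OUTSIDE_ACL = [parse_ace(l) for l in (
    "access-list outside-acl permit tcp host 192.168.15.6 host 126.96.36.199 eq 443",
    "access-list outside-acl permit 108 host 192.168.15.6 host 126.96.36.199",
)]
```

Evaluating a protocol-108 packet against only the first ACE returns "deny", while the full list returns "permit"; a packet addressed to the untranslated 172.16.133.10 is denied because the outside ACL sees the translated address.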