ASA 5510 blacklist not working.

Answered Question
Dec 21st, 2016

I have an ASA 5510. I'm trying to set up a blacklist. I have added this for the inbound access-list (access-group outbound in interface inside), but it is not working. Any ideas?


object-group network BLACKLIST
 network-object host xx.xx.xx.xx
 

access-list inside extended deny ip object-group BLACKLIST any

Correct Answer
GRANT3779 Wed, 12/21/2016 - 11:22

From what you have said, your access group statement seems to be referencing an ACL called outbound, but your ACL is called inside.

llangrell Wed, 12/21/2016 - 13:28

Thanks for the reply. I didn't do the configuration, and the naming is horrible. And my CLI skills are a little rusty. I changed the ACL, and it seems to be working. Thanks for taking a look.


GRANT3779 Thu, 12/22/2016 - 00:53

Glad it is working for you now.

When something needs to be named, whether it is an ACL, Route Map, Class Map, etc., I tend to always reference an abbreviation in my name, e.g. RM for route-map, CM for class-map:

ip access-list extended ACL_DF

route-map RM_DF permit 10
match ip address ACL_DF


I think a lot of others will most likely follow the same, or similar.
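The mismatch identified in the accepted answer can be checked mechanically. The following is an added example, not part of any post in this thread: a small Python audit that lists ACLs with entries that no `access-group` applies, and `access-group` lines that reference an ACL with no entries. The sample config is constructed (the host address and the `permit ip any any` entry in `outbound` are assumptions), and `audit_acl_bindings` is a hypothetical helper name.

```python
import re

# Constructed sample reproducing the thread's situation: the deny entry is
# added to an ACL named "inside", but the interface is bound to "outbound".
# The host address and the permit entry are assumptions for illustration.
SAMPLE_CONFIG = """\
object-group network BLACKLIST
 network-object host 192.0.2.10
access-list outbound extended permit ip any any
access-list inside extended deny ip object-group BLACKLIST any
access-group outbound in interface inside
"""

# access-list <name> <type> ...   (only lines that create ACL entries)
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended|standard|webtype|ethertype)\b")
# access-group <name> {in|out} interface <ifname>  |  access-group <name> global
GROUP_RE = re.compile(
    r"^access-group\s+(\S+)\s+(?:(in|out)\s+interface\s+(\S+)|global\b)")


def audit_acl_bindings(config_text):
    """Return (unbound, missing, bindings) for an ASA configuration.

    unbound:  ACL names that have entries but no access-group applying them
    missing:  ACL names an access-group references that have no entries
    bindings: list of (acl_name, direction, interface) tuples
    """
    defined, bindings = set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings.append((m.group(1), m.group(2) or "global", m.group(3)))
    bound = {name for name, _, _ in bindings}
    return sorted(defined - bound), sorted(bound - defined), bindings


if __name__ == "__main__":
    unbound, missing, bindings = audit_acl_bindings(SAMPLE_CONFIG)
    for name, direction, ifname in bindings:
        print(f"bound: ACL {name} ({direction}) on {ifname or 'all interfaces'}")
    print("ACLs with entries but no access-group:", unbound)
    print("access-groups pointing at ACLs with no entries:", missing)
```

An ACL reported as unbound is only a hint, since ACLs can also be referenced by features other than `access-group`; here it flags `inside`, the ACL holding the BLACKLIST deny entry.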

