12-21-2016 10:54 AM - edited 03-12-2019 01:41 AM
I have an ASA 5510. I'm trying to set up a blacklist. I have added this for the inbound access-list (access-group outbound in interface inside), but it is not working. Any ideas?
object-group network BLACKLIST
network-object host xx.xx.xx.xx
access-list inside extended deny ip object-group BLACKLIST any
12-21-2016 11:22 AM
From what you have said, your access group statement seems to be referencing an ACL called outbound, but your ACL is called inside.
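A small check for the mismatch pointed out in this reply, added here as an illustration and not posted by anyone in the thread: it parses an ASA configuration dump and reports ACLs that hold entries but are not applied by any access-group, and access-groups that reference an ACL with no entries. The sample configuration is constructed; 192.0.2.10 stands in for the redacted host, and the `permit ip any any` entry in `outbound` is an assumption.

```python
import re

# Constructed sample modelled on the thread: the deny was added to ACL
# "inside", but the interface is bound to ACL "outbound". 192.0.2.10 is a
# documentation address standing in for the redacted host; the permit line
# in "outbound" is assumed.
SAMPLE_CONFIG = """\
object-group network BLACKLIST
 network-object host 192.0.2.10
access-list outbound extended permit ip any any
access-list inside extended deny ip object-group BLACKLIST any
access-group outbound in interface inside
"""

# access-list <name> {extended|standard} <entry>
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended|standard)\s+(.*)$")
# access-group <name> {in|out} interface <ifname>   or   access-group <name> global
BIND_RE = re.compile(r"^access-group\s+(\S+)\s+(?:(in|out)\s+interface\s+(\S+)|global)\b")

def audit_acl_bindings(config_text):
    """Return (bindings, findings) for an ASA configuration dump."""
    aces = {}      # ACL name -> list of entry texts
    bindings = []  # (acl, direction, interface)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            aces.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = BIND_RE.match(line)
        if m:
            bindings.append((m.group(1), m.group(2) or "global", m.group(3) or "-"))
    findings = []
    bound = {acl for acl, _, _ in bindings}
    for acl, direction, iface in bindings:
        if acl not in aces:
            findings.append(f"access-group on {iface} ({direction}) references ACL '{acl}', which has no entries")
    for acl, entries in aces.items():
        if acl not in bound:
            denies = sum(1 for e in entries if e.startswith("deny"))
            findings.append(f"ACL '{acl}' ({denies} deny entries) is not applied by any access-group")
    return bindings, findings

if __name__ == "__main__":
    bindings, findings = audit_acl_bindings(SAMPLE_CONFIG)
    for acl, direction, iface in bindings:
        print(f"bound: {acl} {direction} on {iface}")
    for finding in findings:
        print("finding:", finding)
```

An ACL reported as unapplied may still be referenced by NAT, a class-map or a crypto map, so treat that finding as a prompt to check rather than as an error.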
12-21-2016 01:28 PM
Thanks for the reply. I didn't do the configuration, and the naming is horrible. And my CLI skills are a little rusty. I changed the ACL, and it seems to be working. Thanks for taking a look.
12-22-2016 12:53 AM
Glad it is working for you now.
When something needs to be named, whether it is an ACL, Route Map, Class Map, etc., I tend to always reference an abbreviation in my name, e.g. RM for route-map, CM for class-map:
ip access-list extended ACL_DF
route-map RM_DF permit 10
match ip address ACL_DF
I think a lot of others will most likely follow the same, or similar.