ASA 5510 blacklist not working.

llangrell
Level 1

I have an ASA 5510. I'm trying to set up a blacklist. I have added this for the inbound access-list (access-group outbound in interface inside), but it is not working. Any ideas?

object-group network BLACKLIST
 network-object host xx.xx.xx.xx
 

access-list inside extended deny ip object-group BLACKLIST any

1 Accepted Solution


GRANT3779
Spotlight

From what you have said, your access group statement seems to be referencing an ACL called outbound, but your ACL is called inside.


Thanks for the reply. I didn't do the configuration, and the naming is horrible. And my CLI skills are a little rusty. I changed the ACL, and it seems to be working. Thanks for taking a look.

Glad it is working for you now.

When something needs to be named, whether it is an ACL, Route Map, Class Map, etc., I tend to always reference an abbreviation in my name, e.g. RM for route-map, CM for class-map.

ip access-list extended ACL_DF

route-map RM_DF permit 10
match ip address ACL_DF

I think a lot of others will most likely follow the same, or similar.
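
The mismatch identified in the accepted answer (rules written into one ACL while the access-group binds another) can be caught by checking a saved configuration offline. The Python below is an added example, not part of the original thread or any Cisco tooling; the sample configuration is constructed, 192.0.2.10 stands in for the masked host, the "outbound" ACL line is assumed to exist, and the function name audit_acl_bindings is hypothetical.

```python
import re

# Constructed sample mirroring the thread: the deny rule lives in an ACL
# named "inside", but the access-group binds the ACL named "outbound".
# 192.0.2.10 stands in for the masked host; the "outbound" entry is assumed.
SAMPLE_CONFIG = """\
object-group network BLACKLIST
 network-object host 192.0.2.10
access-list inside extended deny ip object-group BLACKLIST any
access-list outbound extended permit ip any any
access-group outbound in interface inside
"""

# "access-list alert-interval" and "access-list deny-flow-max" are global
# settings, not ACL names, so they are skipped.
NOT_ACL_NAMES = {"alert-interval", "deny-flow-max"}
ACL_RE = re.compile(r"^access-list\s+(\S+)\s")
GROUP_RE = re.compile(
    r"^access-group\s+(\S+)\s+(?:(in|out)\s+interface\s+(\S+)|global)")


def audit_acl_bindings(config_text):
    """Return access-groups naming undefined ACLs, and ACLs never bound."""
    defined, bindings = set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        group = GROUP_RE.match(line)
        if group:
            name, direction, interface = group.groups()
            bindings.append((name, direction or "global", interface))
            continue
        acl = ACL_RE.match(line)
        if acl and acl.group(1) not in NOT_ACL_NAMES:
            defined.add(acl.group(1))
    bound = {name for name, _, _ in bindings}
    return {
        # Bound name has no access-list lines in this config text.
        "dangling": [b for b in bindings if b[0] not in defined],
        # Not applied by any access-group; may still be used by NAT, VPN
        # or class-maps, so treat as a prompt to check, not an error.
        "unbound": sorted(defined - bound),
    }


if __name__ == "__main__":
    report = audit_acl_bindings(SAMPLE_CONFIG)
    for name, direction, interface in report["dangling"]:
        print(f"access-group binds undefined ACL {name!r} "
              f"({direction}, interface {interface})")
    for name in report["unbound"]:
        print(f"ACL {name!r} is defined but not bound by any access-group")
```

On the sample it reports the "inside" ACL, which holds the blacklist deny entry, as unbound.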
