12-21-2016 10:54 AM - edited 03-12-2019 01:41 AM
I have an ASA 5510. I'm trying to set up a blacklist. I have added this for the inbound access-list (access-group outbound in interface inside), but it is not working. Any ideas?
object-group network BLACKLIST
network-object host xx.xx.xx.xx
access-list inside extended deny ip object-group BLACKLIST any
12-21-2016 11:22 AM
From what you have said, your access group statement seems to be referencing an ACL called outbound, but your ACL is called inside.
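The mismatch pointed out in the reply above can be checked mechanically. This is an added example, not part of the original thread or any Cisco tooling: it scans ASA configuration text for `access-group` statements that name an ACL with no `access-list` entries. The sample config is constructed from the question, with 192.0.2.10 standing in for the masked host, and the function and variable names are hypothetical.

```python
import re

# Constructed sample: the configuration from the question, with a
# documentation address (192.0.2.10) standing in for the masked host.
SAMPLE_CONFIG = """\
object-group network BLACKLIST
 network-object host 192.0.2.10
access-list inside extended deny ip object-group BLACKLIST any
access-group outbound in interface inside
"""

# "access-list <name> <type> ..." defines (or extends) an ACL.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:line|extended|standard|remark|webtype|ethertype)\b")
# "access-group <name> in|out interface <ifname>" or "access-group <name> global".
GROUP_RE = re.compile(
    r"^access-group\s+(\S+)\s+(?:(in|out)\s+interface\s+(\S+)|global)\b")


def audit_acl_bindings(config):
    """Return access-group bindings with no matching ACL, and unattached ACLs."""
    defined, bindings = set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings.append((m.group(1), m.group(2) or "global", m.group(3) or "-"))
    bound = {name for name, _, _ in bindings}
    return {
        # Binding points at a name that has no access-list lines at all.
        "dangling": [b for b in bindings if b[0] not in defined],
        # ACL has entries but no access-group attaches it to an interface.
        # It may still be used elsewhere (NAT, class-map, VPN), so treat
        # this as a hint to review, not as an error.
        "unbound": sorted(defined - bound),
    }


if __name__ == "__main__":
    report = audit_acl_bindings(SAMPLE_CONFIG)
    for name, direction, iface in report["dangling"]:
        print(f"access-group references undefined ACL '{name}' ({direction} {iface})")
    for name in report["unbound"]:
        print(f"ACL '{name}' is not attached by any access-group")
```

On the sample, the `outbound` binding is reported as dangling and the `inside` ACL, which holds the BLACKLIST deny rule, is reported as unattached.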
12-21-2016 01:28 PM
Thanks for the reply. I didn't do the configuration, and the naming is horrible. And my CLI skills are a little rusty. I changed the ACL, and it seems to be working. Thanks for taking a look.
12-22-2016 12:53 AM
Glad it is working for you now.
When something needs to be named, whether it is an ACL, Route Map, Class Map, etc., I tend to always reference an abbreviation in my name, e.g. RM for route-map, CM for class-map:
ip access-list extended ACL_DF
route-map RM_DF permit 10
match ip address ACL_DF
I think a lot of others will most likely follow the same, or similar.