ASDM ACL rule writing issue?

Unanswered Question
Aug 12th, 2006

I have been fighting an incoming ACL for the last couple of days and today I finally figured it out. Everything looked exactly right within ASDM but it still wasn't working.


When I entered the info for an ACL within ASDM the cli looked like this:


access-list 100 permit tcp any 65.172.252.44 eq www


when I type it in manually (the right way)


access-list 100 permit tcp any host 65.172.252.44 eq www


It works! WTF?


When I hit reload on ASDM I watch that ACL and it doesn't change. I had to enter all my ACL entries manually and all is well.


I'm using an ASA 5520, OS 7.2.1 and ASDM 5.2.


Has anyone else seen this or am I just doing something wrong?


Bob

a.kiprawih Sat, 08/12/2006 - 17:12

Hi,


The difference between the ASDM-ACL and your CLI-ACL is the keyword 'host'. Without 'host', the destination more or less becomes a network ID/subnet instead of a single host. That's why your second ACL works.


But I think you can refresh the ASDM so that it will take the latest config updated via the CLI.


Normally, when you create the ACL, the destination is specified as a host IP or an object name (if you defined a name for that IP 65.172.252.44). Additionally, the netmask of 255.255.255.255 will also determine whether the destination is a single host or a network ID. If this is correctly done, then you're not doing anything wrong.


Rgds,

AK


aporcaro01 Tue, 08/15/2006 - 06:06

Hi!


I use the ASDM too and that's right, the netmask determines if it is a single host or a network. Try to configure this rule using the 255.255.255.255 netmask for the inside host.


regards,

Adriano Porcaro
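
The point both replies make, that on the ASA the destination is a single host only when it is written as 'host A.B.C.D' or with a 255.255.255.255 netmask, can be checked mechanically before a rule goes live. Below is an added example, not code from Cisco or from anyone in this thread, in Python: a small parser for 'access-list' entries that reports whether each destination is a host or a subnet, flags the bare-address form ASDM produced in the original post (how the ASA parser treats that form is not established in the thread, so it is only flagged, not interpreted), and goes a step beyond the thread by matching a sample flow against the parsed entries. All function names and the sample lines in SAMPLE_ACES are constructed here.

```python
"""Classify the address fields of Cisco ASA access-list entries.

Added example for this thread; not Cisco code and not from the posters.
Rule encoded (from the replies): a destination is a single host when written
as 'host A.B.C.D' or as 'A.B.C.D 255.255.255.255'; a shorter netmask means a
subnet.  An address with neither 'host' nor a mask (the form ASDM emitted in
the original post) is flagged rather than interpreted.
All names and the sample lines in SAMPLE_ACES are constructed for this example.
"""
import ipaddress

# Minimal port-name table for the sample; the ASA knows many more names.
NAMED_PORTS = {"www": 80, "https": 443, "ssh": 22}

AMBIGUOUS = "address given without 'host' keyword or netmask"


def _is_dotted_quad(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False


def parse_addr(tokens, i):
    """Parse one address spec at tokens[i]; return (network, next_index, note)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1, None
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2, None
    if not _is_dotted_quad(tok):
        raise ValueError("unsupported address spec: " + tok)
    if i + 1 < len(tokens) and _is_dotted_quad(tokens[i + 1]):
        # ASA ACLs use subnet masks (not IOS wildcard masks).  strict=False
        # tolerates host bits set in the address and yields the covering network.
        net = ipaddress.IPv4Network(tok + "/" + tokens[i + 1], strict=False)
        return net, i + 2, None
    # Bare address: the line the original poster saw ASDM produce.
    return ipaddress.IPv4Network(tok + "/32"), i + 1, AMBIGUOUS


def parse_ace(line):
    """Parse 'access-list <id> [extended] permit|deny <proto> <src> <dst> [eq <port>]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list":
        raise ValueError("not an access-list entry: " + line)
    i = 2
    if t[i] == "extended":
        i += 1
    action, proto = t[i], t[i + 1]
    i += 2
    src, i, src_note = parse_addr(t, i)
    if i < len(t) and t[i] == "eq":      # source port operator; skipped here
        i += 2
    dst, i, dst_note = parse_addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport = NAMED_PORTS.get(t[i + 1]) or int(t[i + 1])
    notes = []
    if src_note:
        notes.append("source " + src_note)
    if dst_note:
        notes.append("destination " + dst_note)
    return {"acl": t[1], "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport, "notes": notes}


def is_single_host(net):
    """A /32 (host keyword or 255.255.255.255 mask) is a single host."""
    return net.prefixlen == 32


def same_destination(line_a, line_b):
    """True when two ACEs match exactly the same set of destination addresses."""
    return parse_ace(line_a)["dst"] == parse_ace(line_b)["dst"]


def matches(ace, src_ip, dst_ip, proto, dport):
    """Would this ACE match the given flow?  Protocol 'ip' matches any protocol."""
    return (ace["proto"] in ("ip", proto)
            and ipaddress.IPv4Address(src_ip) in ace["src"]
            and ipaddress.IPv4Address(dst_ip) in ace["dst"]
            and (ace["dport"] is None or ace["dport"] == dport))


def lint(lines):
    """Return (line, note) for every ACE whose address form needs a second look."""
    findings = []
    for line in lines:
        for note in parse_ace(line)["notes"]:
            findings.append((line, note))
    return findings


# Constructed sample: the two lines from the post plus two explicit-mask forms.
SAMPLE_ACES = [
    "access-list 100 permit tcp any 65.172.252.44 eq www",
    "access-list 100 permit tcp any host 65.172.252.44 eq www",
    "access-list 100 extended permit tcp any 65.172.252.44 255.255.255.255 eq www",
    "access-list 100 extended permit tcp any 65.172.252.0 255.255.255.0 eq www",
]

if __name__ == "__main__":
    for line in SAMPLE_ACES:
        ace = parse_ace(line)
        kind = "single host" if is_single_host(ace["dst"]) else "subnet"
        print(f"{ace['dst']!s:22} {kind:12} {' ; '.join(ace['notes']) or 'ok'}  <- {line}")
    for line, note in lint(SAMPLE_ACES):
        print("CHECK:", note, "->", line)
```

Running it shows the 'host' form and the 255.255.255.255 form resolve to the same /32, the /24 form covers 256 addresses (a far wider permit than a single web server), and only the bare-address line is flagged. Feeding the output of 'show running-config access-list' through lint() is a quick way to catch entries that look right in a GUI but do not say what was intended.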
