Cisco Support Community
New Member

css11503 acl

Hi all.

I have two css11503 configured with ASR. Everything is working so far except the acl. Whenever I apply the acl, nothing works. Can someone provide me a working sample of a css acl?

acl 10

clause 5 permit icmp 116.115.124.128 255.255.255.128 destination 116.115.124.128 255.255.255.128

clause 15 permit any 116.115.124.128 255.255.255.128 destination 224.0.0.18

clause 25 permit tcp any destination 116.115.124.162 eq http

clause 45 permit tcp any destination 116.115.124.162 eq https

clause 200 deny any any destination any

apply circuit-(VLAN524)

acl 20

clause 5 permit any 10.20.1.0 255.255.255.0 destination 10.20.1.0 255.255.255.0

clause 15 permit any 10.20.1.0 255.255.255.0 destination 224.0.0.18

clause 50 deny any any destination any

apply circuit-(VLAN20)

115.116.124.x are the VIP addresses and 10.20.1.x are the physical server IP addresses.

Thanks.

Cheng

4 REPLIES
New Member

Re: css11503 acl

What happens when the following are added to acl 20:

clause 20 permit tcp 10.20.1.0 255.255.255.0 eq 80 dest any

clause 25 permit tcp 10.20.1.0 255.255.255.0 eq 443 dest any

New Member

Re: css11503 acl

I tried adding these two lines and it is still not working.

Thanks.

Cheng

Cisco Employee

Re: css11503 acl

Cheng,

What are all the circuits on this box?

Do you see any hits on the content rule if you do a 'sho summary'?

Gilles.

New Member

Re: css11503 acl

I finally figured out the problem. It turns out that the css was listening on port 443 externally but the server is listening on port 8080. After I changed my acl 20 from

clause 25 permit tcp 10.20.1.0 255.255.255.0 eq 443 dest any

to

clause 25 permit tcp 10.20.1.0 255.255.255.0 eq 8080 dest any

it works.

Thanks for the help.

Cheng
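
The fix above can be checked offline with a small first-match evaluator. This is an added example, not code from the thread or from Cisco; it assumes clauses are checked in ascending clause number with the first match deciding, that acl 20 filters traffic arriving on circuit VLAN20, and it uses a constructed server (10.20.1.11) and client (198.51.100.7).

```python
import ipaddress

# acl 20 from the thread with the two suggested clauses, before the fix.
ACL20_BEFORE = """\
clause 5 permit any 10.20.1.0 255.255.255.0 destination 10.20.1.0 255.255.255.0
clause 15 permit any 10.20.1.0 255.255.255.0 destination 224.0.0.18
clause 20 permit tcp 10.20.1.0 255.255.255.0 eq 80 dest any
clause 25 permit tcp 10.20.1.0 255.255.255.0 eq 443 dest any
clause 50 deny any any destination any
"""
ACL20_AFTER = ACL20_BEFORE.replace("eq 443", "eq 8080")
# Constructed flow: server reply leaving the real service port 8080.
REPLY = ("tcp", "10.20.1.11", 8080, "198.51.100.7", 40000)

def _endpoint(tok):
    """Consume 'any' | IP [MASK], then optional 'eq PORT'; return (network, port)."""
    first = tok.pop(0)
    if first == "any":
        net = None
    else:
        mask = tok.pop(0) if tok and tok[0].count(".") == 3 else "255.255.255.255"
        net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
    port = None
    if tok and tok[0] == "eq":
        tok.pop(0)
        port = int(tok.pop(0))
    return net, port

def parse(acl_text):
    clauses = []
    for line in acl_text.splitlines():
        tok = line.split()
        num, action, proto, rest = int(tok[1]), tok[2], tok[3], tok[4:]
        src = _endpoint(rest)
        rest.pop(0)  # 'destination' or 'dest'
        dst = _endpoint(rest)
        clauses.append((num, action, proto, src, dst))
    return sorted(clauses, key=lambda c: c[0])  # assumed evaluation order

def _hit(endpoint, ip, port):
    net, want = endpoint
    return (net is None or ipaddress.ip_address(ip) in net) and want in (None, port)

def evaluate(acl_text, proto, sip, sport, dip, dport):
    """Return (clause number, action) of the first clause matching the flow."""
    for num, action, cproto, src, dst in parse(acl_text):
        if cproto in ("any", proto) and _hit(src, sip, sport) and _hit(dst, dip, dport):
            return num, action
    return None, "no-match"
```

With the `eq 443` clause the reply from source port 8080 falls through to `clause 50 deny`; with `eq 8080` it is permitted by clause 25.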
