Cisco Support Community
New Member

Access List on ASA5505

Here is a current access list on an ASA that I manage:

 

access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 7500
access-list outside_access_in_1 extended permit object RDP any object FileServer
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53827
access-list outside_access_in_1 extended permit tcp any object New_Server eq 3389
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53828
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53829
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53830
access-list outside_access_in_1 extended permit tcp any object New_Server eq 53850
access-list outside_access_in_1 extended permit tcp any object New_Server eq 53810
access-list outside_access_in_1 extended permit tcp any object New_Server eq 53855
access-list outside_access_in_1 extended permit tcp any object New_Server eq telnet
access-list outside_access_in_1 extended permit tcp any object New_Server eq 55443
access-list outside_access_in_1 extended permit tcp any object New_Server eq 7500
access-list outside_access_in_1 extended permit tcp any object DattoDevice eq ssh
access-list outside_access_in_1 extended permit udp any object DattoDevice eq ntp
access-list outside_access_in_1 extended permit icmp any object DattoDevice

 

I have highlighted the last three statements - are these correct?

1 ACCEPTED SOLUTION

VIP Purple

If you want to allow SSH/NTP and ICMP to DattoDevice, then these ACEs are correct.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
4 REPLIES
New Member

Thank you.....can you tell me how to test these using packet tracer in the ASDM?

VIP Purple

packet-tracer input outside tcp 1.2.3.4 1234 PUBLIC-IP-OF-DATTO-DEVICE 22

"1.2.3.4 1234" is just a random source-ip and port.


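The packet-tracer test from the reply above, extended to every ACE in the list, as an added example that is not part of the original thread. The function name, the `PUBLIC-IP-OF-...` placeholders and the port-name table are assumptions; the ACL lines are a subset of the ones posted in the question.

```python
import re

# Named ports used in the posted ACL, mapped to their well-known numbers.
NAMED_PORTS = {"ssh": 22, "telnet": 23, "ntp": 123}

# Matches "permit <proto> any host <ip>|object <name> [eq <port>]" entries.
ACE = re.compile(
    r"access-list\s+\S+\s+extended\s+permit\s+(?P<proto>tcp|udp|icmp)\s+any\s+"
    r"(?:host\s+(?P<host>\S+)|object\s+(?P<obj>\S+))(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

# Subset of the ACL from the question (not constructed data).
SAMPLE_ACL = """
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 7500
access-list outside_access_in_1 extended permit object RDP any object FileServer
access-list outside_access_in_1 extended permit tcp any object New_Server eq telnet
access-list outside_access_in_1 extended permit tcp any object DattoDevice eq ssh
access-list outside_access_in_1 extended permit udp any object DattoDevice eq ntp
access-list outside_access_in_1 extended permit icmp any object DattoDevice
"""

def tracer_commands(acl_text, ifc="outside", src_ip="1.2.3.4", src_port=1234):
    """Return (commands, skipped): one packet-tracer line per testable ACE."""
    commands, skipped = [], []
    for line in filter(None, map(str.strip, acl_text.splitlines())):
        m = ACE.match(line)
        if not m:
            # e.g. "permit object RDP ...": the port is defined in a service
            # object that is not shown in the ACL, so it cannot be derived here.
            skipped.append(line)
            continue
        # Placeholder in the style of the reply's PUBLIC-IP-OF-DATTO-DEVICE.
        dst = "PUBLIC-IP-OF-" + (m["host"] or m["obj"])
        if m["proto"] == "icmp":
            # ICMP takes type and code instead of ports; 8 0 is an echo request.
            commands.append(f"packet-tracer input {ifc} icmp {src_ip} 8 0 {dst}")
            continue
        port = str(NAMED_PORTS.get(m["port"], m["port"]))
        if not port.isdigit():
            skipped.append(line)  # no "eq", or a port name not in the table
            continue
        commands.append(
            f"packet-tracer input {ifc} {m['proto']} {src_ip} {src_port} {dst} {port}")
    return commands, skipped

if __name__ == "__main__":
    cmds, skipped = tracer_commands(SAMPLE_ACL)
    print("\n".join(cmds))
    print("\n".join("! not derivable from the ACL alone: " + s for s in skipped))
```

Replace each placeholder with the real public address before pasting the generated lines into the ASA CLI.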
New Member

Thanks again -

 
