New Member

Access-list statements on Version 7.0(6)

I have an extended ACE configured on a PIX Firewall. The purpose of the Firewall is a choke point coming off of the customer's DMZ into the Production networks.

There are a couple of hosts on networks inside of the Firewall that hosts in the DMZ need access to.

I have configured the ACE based upon sniffer traces which are giving me the destination ports being sought.

For whatever reason, when I do a show access-list command, I do not see the hit counts incrementing for the ports I have opened; even though I know the traffic is making it through based upon the data captured in the sniffer.

Here is an example statement:

access-list outside_inside line 34 extended permit tcp host 172.16.1.8 eq 445 host 198.100.100.147 (hitcnt=0).

Based upon the app launched on the DMZ box, and the traffic captured in the sniffer, this ACE statement should have a hit.

I have tried launching the application over and over in an attempt to see the hit count increment, but to no avail.

I would think that maybe I had these statements configured incorrectly, but I don't think that is the case either.

Any suggestions welcome.

Thank You.

1 REPLY
New Member

Re: Access-list statements on Version 7.0(6)

Can you send me the output from:

show run access-group

show nameif

I'm guessing that access-list outside_inside is applied to your outside interface and there is a different one applied to your DMZ interface.
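Besides the interface binding the reply asks about, a zero hit count can also come from where the port operator sits in the ACE: in PIX/ASA extended ACL syntax, an `eq PORT` placed after the source address constrains the source port, not the destination port. The following added example (not from this thread or from Cisco) parses the ACE quoted in the question and checks whether a flow from the DMZ host to port 445 on the inside host would hit it; the ephemeral source port 50123 and the DST_PORT variant are constructed for illustration.

```python
import re

def _endpoint(toks, i):
    """Consume one address spec (host X | any | NET MASK) plus an optional 'eq PORT'."""
    if toks[i] == "host":
        addr, i = toks[i + 1], i + 2
    elif toks[i] == "any":
        addr, i = "any", i + 1
    else:
        addr, i = toks[i] + " " + toks[i + 1], i + 2
    port = None
    if i < len(toks) and toks[i] == "eq":
        port, i = toks[i + 1], i + 2
    return addr, port, i

def parse_ace(line):
    """Parse a PIX/ASA 'show access-list' extended ACE into its fields."""
    m = re.search(r"\(hitcnt=(\d+)\)", line)
    toks = re.sub(r"\(hitcnt=\d+\)\.?", "", line).split()
    if toks[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    i = 2
    if toks[i] == "line":          # 'line N' appears in show output, not in the config
        i += 2
    if toks[i] != "extended":
        raise ValueError("only extended ACEs are handled: " + line)
    action, proto = toks[i + 1], toks[i + 2]
    src, sport, i = _endpoint(toks, i + 3)
    dst, dport, i = _endpoint(toks, i)
    return {"name": toks[1], "action": action, "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport,
            "hitcnt": int(m.group(1)) if m else None}

def matches(ace, src_ip, src_port, dst_ip, dst_port):
    """Would a TCP flow hit this ACE? host/any endpoints only; NET MASK specs never match here."""
    ip_ok = lambda spec, ip: spec == "any" or spec == ip
    port_ok = lambda spec, port: spec is None or spec == str(port)
    return (ip_ok(ace["src"], src_ip) and port_ok(ace["sport"], src_port)
            and ip_ok(ace["dst"], dst_ip) and port_ok(ace["dport"], dst_port))

# The ACE from the question: 'eq 445' follows the SOURCE host, so it constrains the source port.
AS_POSTED = "access-list outside_inside line 34 extended permit tcp host 172.16.1.8 eq 445 host 198.100.100.147 (hitcnt=0)."
# Constructed variant: same hosts, port operator after the DESTINATION host.
DST_PORT = "access-list outside_inside line 34 extended permit tcp host 172.16.1.8 host 198.100.100.147 eq 445 (hitcnt=0)"

if __name__ == "__main__":
    # Constructed flow: DMZ client on an ephemeral port reaching SMB (445) on the inside host.
    for ace in (AS_POSTED, DST_PORT):
        a = parse_ace(ace)
        print(a["sport"], a["dport"], matches(a, "172.16.1.8", 50123, "198.100.100.147", 445))
```

Run it and the posted form reports a source-port constraint of 445 and no match, while the variant with the operator after the destination matches; comparing that with the sniffer's actual source and destination ports narrows the cause before touching access-group bindings.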
