New Member

ACL issue - Urgent Help

I have configured the following ACL, but when I check on the ASDM it is showing as deny. I have checked the config and can't see any issue with it.

Can someone help, here is the config:

name 163.1.158.138 misibm02b
object-group network oucs_training_room
 network-object host 192.76.26.39
 network-object host 192.76.26.40
 network-object host 192.76.26.41
object-group service oracle-ports-02b tcp
 port-object eq 8030
 port-object eq 9030
 port-object eq 8033
 port-object eq 9033
 port-object eq 1551
 port-object eq 1554
 port-object eq 8026
 port-object eq 9026
 port-object eq 1546
 port-object eq 1610
access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b

Error on ASDM:

4|Jul 22 2009|11:28:14|106023|192.76.26.41|1134|misibm02b|8030|Deny tcp src outside:192.76.26.41/1134 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

4|Jul 22 2009|11:27:41|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

4|Jul 22 2009|11:27:40|106023|192.76.26.41|1130|misibm02b|8030|Deny tcp src outside:192.76.26.41/1130 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]

5 REPLIES
Gold

Re: ACL issue - Urgent Help

output of 'show access-list acl_out' and 'show run access-group' please.

or try this:

no access-list acl_out extended permit tcp object-group oucs_training_room object-group oracle-ports-02b host misibm02b

access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b

New Member

Re: ACL issue - Urgent Help

Thanks, that worked.

But why would the ASDM not get the command in the right order?

Re: ACL issue - Urgent Help

Try clearing the ASDM cache, then refresh with the running config.

HTH

New Member

Re: ACL issue - Urgent Help

The reason it is failing is you have the "oracle-ports-02b" in the source part of the ACL, it should only be in the destination part, i.e.

access-list acl_out extended permit tcp object-group oucs_training_room host misibm02b object-group oracle-ports-02b

Give that a whirl and see how you get on.
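The following is an added example, not code from any poster in this thread. It replays the first 106023 log line against both ACEs to show why the position of the service object-group decides whether the flow matches. The function names `parse_ace` and `check` are hypothetical, and the parser assumes only the ACE forms that appear in this thread.

```python
import re

# Object-groups and ACEs copied from the thread; the parser covers only the
# forms used there (host / object-group / any, and object-group or eq ports).
NET_GROUPS = {"oucs_training_room": {"192.76.26.39", "192.76.26.40", "192.76.26.41"}}
SVC_GROUPS = {"oracle-ports-02b": {8030, 9030, 8033, 9033, 1551, 1554, 8026, 9026, 1546, 1610}}
ORIGINAL = ("access-list acl_out extended permit tcp object-group oucs_training_room "
            "object-group oracle-ports-02b host misibm02b")
CORRECTED = ("access-list acl_out extended permit tcp object-group oucs_training_room "
             "host misibm02b object-group oracle-ports-02b")
LOG = ('4|Jul 22 2009|11:28:14|106023|192.76.26.41|1134|misibm02b|8030|Deny tcp src '
       'outside:192.76.26.41/1134 dst inside:misibm02b/8030 by access-group "acl_out" [0x0, 0x0]')
LOG_RE = re.compile(r"Deny tcp src \w+:([\w.]+)/(\d+) dst \w+:([\w.]+)/(\d+) by access-group")

def parse_ace(line):
    """Split an extended ACE into src, sport, dst, dport (None = unrestricted)."""
    tok = line.split()[5:]          # skip: access-list NAME extended ACTION PROTO
    def addr():
        if tok[0] == "any":
            tok.pop(0)
            return None
        kind, val = tok.pop(0), tok.pop(0)
        return {val} if kind == "host" else NET_GROUPS[val]
    def port():
        # A port spec directly after an address binds to THAT address.
        if len(tok) >= 2 and tok[0] == "object-group" and tok[1] in SVC_GROUPS:
            tok.pop(0)
            return SVC_GROUPS[tok.pop(0)]
        if len(tok) >= 2 and tok[0] == "eq":
            tok.pop(0)
            return {int(tok.pop(0))}
        return None
    return {"src": addr(), "sport": port(), "dst": addr(), "dport": port()}

def check(ace_line, log_line):
    """Return (ace_matches_flow, lint_warning) for one ACE and one 106023 line."""
    ace = parse_ace(ace_line)
    src, sport, dst, dport = LOG_RE.search(log_line).groups()
    flow = {"src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}
    hit = all(ace[k] is None or flow[k] in ace[k] for k in flow)
    warn = None
    if ace["sport"] is not None and ace["dport"] is None:
        warn = "service group limits the SOURCE port; destination port is unrestricted"
    return hit, warn

if __name__ == "__main__":
    for label, ace in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, check(ace, LOG))
```

The original ACE misses the flow because the client's ephemeral source port 1134 is not in oracle-ports-02b, so the packet falls through to the implicit deny. The same ACE also places no limit on the destination port, which is worth checking for when auditing rules of this shape.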

New Member

Re: ACL issue - Urgent Help

But why would the ASDM not get the command in the right order?
