Cisco Support Community
New Member

ACL not working in ASA 8.4

An ACL has been applied on the inside interface of the ASA 8.4 but it is not working. The aim of this list is to allow only a few hosts for outside access and deny the rest of the hosts for outside access. The syntax of the access list is:

access-list ACL-Inside extended permit ip host 192.168.100.101 any
access-list ACL-Inside extended permit ip host 192.168.100.108 any
access-list ACL-Inside extended permit ip host 192.168.100.109 any
access-list ACL-Inside extended permit ip host 192.168.100.243 any
access-list ACL-Inside extended permit ip host 192.168.100.241 any
access-group ACL-Inside in interface inside

2 REPLIES
Cisco Employee

ACL not working in ASA 8.4

Hello,

Can you run a packet tracer?

packet-tracer input inside tcp 192.168.100.241 1025 4.2.2.2 80

Send us the output.

Mike

Silver

ACL not working in ASA 8.4

Did you configure the NAT statement for the inside hosts to be mapped to a public IP? The config below will NAT 192.168.100.0 - 100.254 to the outside interface, and the access-list you defined only allows those hosts to go out.

object network Inside_Net
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside) dynamic interface

If you already did the above config, please send us the packet capture as Mike requested.

Siddhartha
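
Added example, not part of the original thread: a small Python model of how the posted ACL is evaluated (entries are checked top to bottom, first match wins, and anything unmatched hits the implicit deny at the end of the ACL), for checking offline which inside hosts the list lets out. It models only the `extended permit|deny ip` form used in the question, not NAT; the function names and the test source 192.168.100.50 are assumptions made for illustration.

```python
import ipaddress

# The ACL exactly as posted in the question.
ACL_TEXT = """\
access-list ACL-Inside extended permit ip host 192.168.100.101 any
access-list ACL-Inside extended permit ip host 192.168.100.108 any
access-list ACL-Inside extended permit ip host 192.168.100.109 any
access-list ACL-Inside extended permit ip host 192.168.100.243 any
access-list ACL-Inside extended permit ip host 192.168.100.241 any
"""

def _take_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK') from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}")

def parse_acl(text, name):
    """Return ordered (action, src_net, dst_net) entries for 'extended ... ip' lines."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if t[:3] != ["access-list", name, "extended"] or len(t) < 6 or t[4] != "ip":
            continue  # only the simple 'ip' form from the question is modelled
        rest = t[5:]
        entries.append((t[3], _take_addr(rest), _take_addr(rest)))
    return entries

def evaluate(entries, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, (action, src_net, dst_net) in enumerate(entries, 1):
        if s in src_net and d in dst_net:
            return action, f"line {idx}"
    return "deny", "implicit deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT, "ACL-Inside")
    # 192.168.100.50 is a constructed host that is not in the list.
    for host in ("192.168.100.241", "192.168.100.50"):
        print(host, "->", evaluate(acl, host, "4.2.2.2"))
```

Running packet-tracer on the device for one listed and one unlisted source address is the authoritative version of the same check, since it also covers NAT and routing.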