Cisco Support Community
Community Member

ACL on ASA Problem

I am a newbie when it comes to configuring firewalls. I am configuring an ASA and am having a problem with the ACL's.

When I establish an IPSec tunnel coming into the appliance, I can make the connection but I can't see anything on the network. When I look at the log I am getting numerous messages stating:

"Deny inbound UDP from to on interface Outside".

The IP address above is just the IP address it received from the pool I identified.

I have tried adding specific ACE's at the top of the ACL on the outside interface to allow the 198.162.5 range but to no avail.

Does anyone have ideas what to look for?

Community Member

Re: ACL on ASA Problem


After creating the IPSec tunnel, you have to create an ACL and you have to map the IPSec to that ACL.

See the example below for better understanding.

If you are creating the IPSec with the match ID as 133 then

crypto map 133 ipsec-isakmp

set peer X.X.X.X

set transform-set TrippleDes

match address 133

The ACL should be:

access-list 133 permit ip

access-list 133 permit ip

Please rate me if it helps you.

Community Member

Re: ACL on ASA Problem


Thanks for your reply. I guess I wasn't clear.

This isn't a L2L IPSec tunnel. It's a temporary tunnel created by using the Cisco IPSec client. In other words, by a user wanting to VPN in from home to access the network.
