We would need more information on the current configuration on the ASA.
The actual ACL rule to allow HTTP traffic from/for subnet 172.20.0.0/24 is pretty simple, but your interface ACL will most likely have other rules too. Consider, for example, that for your subnet 172.20.0.0/24 to be able to access a URL by name you will have to allow DNS traffic for them; otherwise you can only browse using the IP address of the HTTP server.
You can check if you have any ACLs attached to interfaces with the following command:
show run access-group
If the output of this is either empty or does not list a command for the interface behind which the mentioned subnet is located, then you will have to configure an ACL for this interface.
If I were to allow only HTTP and DNS traffic from the subnet 172.20.0.0/24 but wanted to allow all traffic from other subnets behind the same interface, then you could do this:
access-list <acl name> remark Allow HTTP and DNS
access-list <acl name> permit tcp 172.20.0.0 255.255.255.0 any eq http
access-list <acl name> permit udp 172.20.0.0 255.255.255.0 any eq domain
access-list <acl name> permit tcp 172.20.0.0 255.255.255.0 any eq domain
access-list <acl name> remark Deny all other traffic from subnet 172.20.0.0/24
access-list <acl name> deny ip 172.20.0.0 255.255.255.0 any
access-list <acl name> remark Allow all other traffic
access-list <acl name> permit ip any any
To attach the ACL to an interface you can use this command:
access-group <acl name> in interface <interface name>
Notice that in the above examples I have not actually named the ACL. You should replace the <acl name> with the actual name you want to use for the ACL. The <interface name> should be replaced with the actual interface "nameif" to which you want to attach the ACL on your ASA.
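Added example, not part of the original post: a small Python model of first-match evaluation over the ACL above, using the hypothetical name INSIDE-IN in place of <acl name> and constructed sample flows. It handles only the syntax used in that ACL (destination "any", optional "eq <port>") and shows which flows reach the deny line, including HTTPS on TCP/443 from 172.20.0.0/24.

```python
import ipaddress

# ACL lines from the post; INSIDE-IN is a hypothetical stand-in for <acl name>.
ACL = """\
access-list INSIDE-IN remark Allow HTTP and DNS
access-list INSIDE-IN permit tcp 172.20.0.0 255.255.255.0 any eq http
access-list INSIDE-IN permit udp 172.20.0.0 255.255.255.0 any eq domain
access-list INSIDE-IN permit tcp 172.20.0.0 255.255.255.0 any eq domain
access-list INSIDE-IN deny ip 172.20.0.0 255.255.255.0 any
access-list INSIDE-IN permit ip any any
"""

PORTS = {"http": 80, "domain": 53}  # port keywords used in the post

def parse(text):
    """Parse the subset of ACL syntax used above into an ordered rule list."""
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop "access-list <name>"
        if not tok or tok[0] == "remark":
            continue
        action, proto, rest = tok[0], tok[1], tok[2:]
        if rest[0] == "any":
            src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        else:
            src, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
        # Destination is always "any" here; an optional "eq <port>" follows it.
        port = PORTS[rest[2]] if len(rest) == 3 and rest[1] == "eq" else None
        rules.append((action, proto, src, port))
    return rules

def evaluate(rules, proto, src_ip, dst_port=None):
    """The first matching entry decides; an ACL ends with an implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_src, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if src not in r_src:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action
    return "deny"

RULES = parse(ACL)
# Constructed sample flows arriving inbound on the interface.
for flow in [("tcp", "172.20.0.10", 80), ("udp", "172.20.0.10", 53),
             ("tcp", "172.20.0.10", 443), ("tcp", "172.21.5.5", 22)]:
    print(flow, "->", evaluate(RULES, *flow))
```

Because the first match wins, moving the final "permit ip any any" above the deny line would let all traffic from 172.20.0.0/24 through.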