New Member

ACL

I want to write an ACL that allows HTTP traffic to a single network, 172.20.1.0.

 

Thanks

2 REPLIES
Cisco Employee

Hi,

Writing an ACL would require these details:

1) Is the traffic moving from higher to lower or lower to higher security interfaces?

2) The access-group direction where the traffic needs to be blocked?

Once you have this, you can use this syntax:

access-list <name> permit <protocol> <Source Address/Subnet> <mask> <Destination Address/Subnet> <mask>

Refer:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_overview.html

Thanks and Regards,

Vibhor Amrodia

VIP Green

If you are allowing access from the internet then the ACL would look like the following:

access-list ACLNAME permit tcp any host 172.20.1.0 eq http

access-group ACLNAME in interface <interface name>

Keep in mind that if you are allowing traffic in from the internet to a web server, you will also need to set up a NAT statement for this traffic as well.

--

Please remember to select a correct answer and rate helpful posts
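
For reference, an added example (not part of either reply above): the ASA form that matches a whole destination network rather than a single address, followed by commands to check the result. The 255.255.255.0 mask, the interface name outside, and the test addresses 203.0.113.10 and 172.20.1.10 are assumptions; the thread does not state them.

```cisco
! Added example, not from the thread.
! Assumed: the network is 172.20.1.0/24 and the inbound interface is named "outside".

! Configuration mode.
! "host <ip>" matches exactly one address; matching a network takes address plus mask.
! Port 80 is HTTP.
access-list ACLNAME extended permit tcp any 172.20.1.0 255.255.255.0 eq 80

! Bind the ACL to traffic arriving on the interface.
access-group ACLNAME in interface outside

! Anything the ACL does not permit is dropped by the implicit deny at its end.

! Privileged EXEC mode: verify the rule.
! Show the entries with their hit counters.
show access-list ACLNAME

! Simulate a packet from an outside client (constructed address) to a host
! in the permitted network and see which phase allows or drops it.
packet-tracer input outside tcp 203.0.113.10 12345 172.20.1.10 80
```

If packet-tracer reports a drop in the access-list phase, compare the destination it used with the address and mask in the permit entry.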
 
