New Member

ASA ACL Issue

Recently I experienced an issue with an ACL where the ASA denied traffic where there was an explicit allow statement properly placed in the list.

This happened after some changes to the list were made. A few entries were marked inactive and a few were removed. This was done in the ASDM.

To remedy the issue I was forced to remove the rule allowing the traffic and re-add it.

I would like to avoid this behavior in the future so if anyone can shed some light on the problem I would appreciate it.

Thanks,

1 REPLY
Silver

Re: ASA ACL Issue

After an ACL is created, it should be bound with the statement defining the reason for which the ACL has been created (example: NAT uses an ACL). Similarly, only one ACL can be created on an interface in a particular traffic direction (IN/OUT). Once the ACL is removed, the statement to which the ACL is bound loses the ACL. So when the ACL is created again, it should be linked with the statement meant for the purpose for which the ACL was created.

Refer to the following URL for the guide on "PIX/ASA 7.x ASDM: Restrict the Network Access of Remote Access VPN Users", which will help you to understand the ACL configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml
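
The binding relationship described in the reply can be checked offline against a saved or candidate configuration before and after an ASDM change. The script below is an added example, not part of the original thread or Cisco's tooling; the sample configuration, ACL names and finding labels are constructed for illustration, and it assumes ASA 7.x/8.x-style `access-list`, `access-group` and `nat ... access-list` lines.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not taken from the original post).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.11 eq 25 inactive
access-list OUTSIDE_IN extended deny ip any any
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list OLD_DMZ extended permit ip any any
access-group OUTSIDE_IN in interface outside
access-group INSIDE_OUT in interface inside
nat (inside) 0 access-list NONAT
"""

ACE = re.compile(r"^access-list (\S+) (?:extended|standard) ")
GROUP = re.compile(r"^access-group (\S+) (in|out) interface (\S+)")
# Any other statement that names an ACL, e.g. "nat (inside) 0 access-list X".
REF = re.compile(r"^(?!access-list ).*\baccess-list (\S+)")

def audit(config):
    """Return (finding, detail) tuples for ACL definition/binding mismatches."""
    aces = defaultdict(list)   # ACL name -> its entries, in order
    bound = {}                 # (interface, direction) -> ACL name
    referenced = set()         # ACLs named by access-group, nat, etc.
    findings = []
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            aces[m.group(1)].append(line)
        elif m := GROUP.match(line):
            name, direction, iface = m.groups()
            if (iface, direction) in bound:   # one ACL per interface/direction
                findings.append(("duplicate-binding", f"{iface}/{direction}"))
            bound[(iface, direction)] = name
            referenced.add(name)
        elif m := REF.match(line):
            referenced.add(m.group(1))
    for name in sorted(referenced - set(aces)):
        findings.append(("bound-but-undefined", name))
    for name in sorted(set(aces) - referenced):
        findings.append(("defined-but-unbound", name))
    for name, lines in sorted(aces.items()):
        for n, line in enumerate(lines, 1):
            if line.split()[-1] == "inactive":
                findings.append(("inactive-entry", f"{name} entry {n}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

Comparing the findings from the configuration saved before the change with those from the one saved after it shows whether removing or deactivating entries also dropped a binding.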
