Cisco Support Community
New Member

Trouble with ACLs

Hello all,

I have an ASA5510 running 7.2 and ASDM 5.2.

I am trying to set up a Web server on the DMZ. I need it to be able to communicate with an internal mail server. I followed the example in the getting started guide, but am running into a problem. On the webserver, I am running NTP, and what is happening is that the return packets to my webserver's NTP queries are being dropped. Now my question: if the webserver on the DMZ initiates comms with the outside, shouldn't the return packets be allowed, or will I have to edit the ACL to explicitly allow the return packets? Furthermore, there is only "incoming" and "outgoing" in ASDM. Where is the "established"?


Re: Trouble with ACLs

What do your ACLs look like?

If you created an ACL "in interface DMZ", you will have to permit everything you want to go outbound, including UDP 123 (NTP), before the explicit deny any any at the end of the ACL.

Most likely the ASA is not blocking the return traffic; it is probably blocking traffic into the DMZ interface, as it is stateful and does not need the "established" keyword.
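The configuration the reply describes, written out as an added example; it is not from the original thread and not Cisco's own documentation. The ACL name DMZ_IN, the interface names dmz/inside/outside, and the addresses (web server 192.0.2.10, internal mail server 10.1.1.25, NTP source 198.51.100.5) are assumptions chosen for illustration. The ACL is applied inbound on the DMZ interface, so it must permit the DMZ host's own outbound connections; the return packets are then matched by the connection table, not by the ACL.

```cisco
! Added example, not from the thread. Interface names, ACL name and all
! addresses are assumptions. ASA 7.2 syntax (no "object network").

! Only what the web server must initiate: SMTP to the mail server, NTP out.
access-list DMZ_IN extended permit tcp host 192.0.2.10 host 10.1.1.25 eq smtp
access-list DMZ_IN extended permit udp host 192.0.2.10 host 198.51.100.5 eq ntp

! Keep a compromised DMZ host off the rest of the inside network, and log it.
access-list DMZ_IN extended deny ip any 10.1.1.0 255.255.255.0 log

! Apply the ACL to traffic arriving ON the dmz interface (DMZ -> elsewhere).
! Everything not permitted above is dropped by the implicit deny at the end.
access-group DMZ_IN in interface dmz

! Checks: simulate the NTP query and confirm the ACL phase says ALLOW,
! then watch the hit counts and the UDP connection entry that permits
! the reply without any "established" rule.
packet-tracer input dmz udp 192.0.2.10 123 198.51.100.5 123
show access-list DMZ_IN
show conn protocol udp
```

If packet-tracer shows a DROP in the ACCESS-LIST phase, the missing line is on the DMZ inbound ACL, not on the outside interface; once the query is permitted, `show conn` lists the UDP flow and the reply rides on that entry until the UDP idle timeout expires.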

New Member

Re: Trouble with ACLs

My bad. That is exactly what was happening. I did not explicitly allow the traffic out. Thanks for your help.
