Cisco Support Community
Community Member

Trying to configure firewall rule but acl-drop is denied...what is my issue?

I am trying to allow the IPs and ranges below.

Firewall must allow access to our MarcomCentral® Servers

 CIDR Format:

 Netrange Format (Range of IP addresses):

 If desired ports can be restricted to 80 and 443 (required for traffic on internet)

I am trying to get this company, PTI, that has the addresses to be able to access our outside network and pass data through.

After setting up the rules I can see that I am getting hits, so data is moving. However, when running a packet trace, the acl-drop is denied by the #13 configured rule. I don't understand why my rule isn't working. It should allow those IPs to pass data to our side.

Could you try to issue a different packet tracer as follows:

packet-tracer input outside tcp <source IP> 1234 <your public IP> 80 detail

If you are trying to allow web access via 80 and 443 to your internal servers, then you need to also make sure that they have static NAT and that the ASA has a route to their subnet if it is not directly connected to the ASA.


Please remember to select a correct answer and rate helpful posts
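
The pieces named in the reply above (static NAT, an inbound permit for ports 80 and 443, and a route to the server subnet), put together as an added example that is not part of the original thread. It assumes ASA 8.3 or later, where the interface ACL names the server's real address rather than the mapped one; every object name and address is constructed, using documentation and private ranges as stand-ins.

```cisco
! Constructed values throughout:
!   198.51.100.0/24, 203.0.113.16-31  stand in for the partner's CIDR block and netrange
!   192.0.2.10                        stands in for your public (mapped) address
!   10.10.20.10                       stands in for the internal web server
!   10.10.10.1                        stands in for the inside next hop

! Partner sources: one CIDR block and one netrange
object network PARTNER-RANGE
 range 203.0.113.16 203.0.113.31
object-group network PARTNER-SRC
 network-object 198.51.100.0 255.255.255.0
 network-object object PARTNER-RANGE

! Static NAT: publish the internal server on the public address
object network WEB-SRV
 host 10.10.20.10
 nat (inside,outside) static 192.0.2.10

! Restrict the permit to HTTP and HTTPS only
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https

! On 8.3+ the ACL destination is the real (untranslated) server address
access-list OUTSIDE-IN extended permit tcp object-group PARTNER-SRC object WEB-SRV object-group WEB-PORTS
access-group OUTSIDE-IN in interface outside

! Needed only when the server subnet is not directly connected to the ASA
route inside 10.10.20.0 255.255.255.0 10.10.10.1

! Verify from an allowed source toward the public address
packet-tracer input outside tcp 198.51.100.25 1234 192.0.2.10 80 detailed
packet-tracer input outside tcp 198.51.100.25 1234 192.0.2.10 443 detailed
```

In the trace output, the UN-NAT phase should show the public address translated to the server, and the ACCESS-LIST phase should match the OUTSIDE-IN permit; a drop at the implicit rule points to a source outside PARTNER-SRC or an ACL written against the mapped address.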

