Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Website access

My entire Network is behind a ASA 5505 appliance. I am not good at all with the command line and use the ASDM to configure the unit. We were having some issues with employees using certain websites so I went into the ASDM and on the Firewall tab I went to the ACL Manager and added several IP addresses there and set them to DENY so people could not get to them. Now I want to allow one of the sites and I have tried unchecking one of the policies I created and then seeing if I can access the site and I still can not. Any idea why and am I missing something?

7 REPLIES

Re: Website access

Did you configure a "Group" of IP addresses, and assigned the group to an ACL?

Re: Website access

Did you configure a "Group" of IP addresses, and assigned the group to an ACL?

New Member

Re: Website access

No I just went to the Access Rules section on the Firewall tab and added a new rule and entered in the appropriate info.

Re: Website access

You should be able from the ASDm to "uncheck" the acl entry or if you log into the device on the cli and enter

access-list <> deny ip/tcp/udp src/dst inactive

This will disable the acl entry.

New Member

Re: Website access

That is exactly what I have done from the ASDm, but I still cannot get to the site. That was why I was wondering if there was one more screen I was missing.

Re: Website access

No - that is the way, try removing the acl from the interface, and confirm you can access the website. Then while the acl is not attached to an interface, make the acl entry "inactive" then re-attach it.

New Member

Re: Website access

could you please share the config.

Thanks

Som

135
Views
0
Helpful
7
Replies
CreatePlease login to create content