Solved

ASA-5510 ACL

Posted on 2013-02-06
Last Modified: 2013-02-08
I have a Cisco ASA5510 running software version 8.2(5) with a Security Plus licence, and I am trying to configure it for access from outside on a public IP.

The interface public IP is working, and if I NAT using this I have no problem and the OUTSIDE ACL is being hit.

But if I add another public IP in our range, the ACL is not being hit.

interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

access-list OUTSIDE extended permit ip any host x.x.x.120 log
access-list OUTSIDE extended permit ip any host x.x.x.123      

show access-list
access-list OUTSIDE line 1 extended permit ip any host x.x.x.120 log informational interval 300 (hitcnt=392) 0x537eb0dc
access-list OUTSIDE line 2 extended permit ip any host x.x.x.123 (hitcnt=0) 0x476bce13

Can anyone see where I'm going wrong? Thanks
0
Question by:oasisuk
4 Comments
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 1332 total points
ID: 38862887
interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

Your port is shut down.
0
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 1332 total points
ID: 38862888
access-list OUTSIDE extended permit ip any host x.x.x.123    

Add the log keyword at the end of the access-list.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 668 total points
ID: 38866635
Do you have proxyarp disabled on the outside interface? If so, you must enable it.
0
 

Author Closing Comment

by:oasisuk
ID: 38867490
Thanks for all the comments. The problem was that the interface IP was the only one responding, because all traffic was being passed to a public IP further downstream. We have a 2960 sitting between 2 ASAs, and the switch learnt the MAC for the interface IP and passed traffic to that, but non-interface IPs were not getting NATted as all traffic was passed to a router past ASA-2.
0
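An added example, not part of the thread or any participant's post: a Python check over the posted interface config and show access-list output that lists zero-hit entries and notes the points raised in the answers (shutdown, log keyword, whether a non-interface address sits in the connected subnet). The 203.0.113.x addresses are constructed stand-ins for the masked x.x.x range, and audit is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: the thread's output with x.x.x replaced by the
# documentation prefix 203.0.113 (assumption; the real range is masked).
SAMPLE = """\
interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address 203.0.113.120 255.255.255.224
!
access-list OUTSIDE line 1 extended permit ip any host 203.0.113.120 log informational interval 300 (hitcnt=392) 0x537eb0dc
access-list OUTSIDE line 2 extended permit ip any host 203.0.113.123 (hitcnt=0) 0x476bce13
"""

IFACE_IP = re.compile(r"^ ip address (\S+) (\S+)", re.M)
ACE = re.compile(r"^access-list (\S+) line (\d+) extended permit ip any "
                 r"host (\S+)(.*?)\(hitcnt=(\d+)\)", re.M)


def audit(text):
    """Return (acl, line, host, finding) tuples; assumes one interface block."""
    m = IFACE_IP.search(text)
    iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    findings = []
    if re.search(r"^ shutdown\s*$", text, re.M):
        findings.append(("-", 0, str(iface.ip), "interface config shows shutdown"))
    for acl, line, host, opts, hits in ACE.findall(text):
        if int(hits) > 0:
            continue  # entry is matching traffic, nothing to report
        addr = ipaddress.ip_address(host)
        if addr == iface.ip:
            why = "interface address with zero hits"
        elif addr in iface.network:
            # The ASA does not own this address: traffic only arrives if ARP
            # for it resolves to this ASA (proxy ARP, upstream switch path).
            why = "non-interface address in connected subnet: check ARP path"
        else:
            why = "outside connected subnet: check upstream routing"
        if " log" not in opts:
            why += "; no log keyword"
        findings.append((acl, int(line), host, why))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```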
