Solved

ASA-5510 ACL

Posted on 2013-02-06
4
754 Views
Last Modified: 2013-02-08
I have a cisco asa5510 running software version 8.2(5), security Plus licence and trying to configure for access from outside on a public ip.

The interface public ip is working and if i nat using this i have no problem and OUTSIDE acl is being hit.

But if i add another public ip in our range, the acl is not being hit.

interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

access-list OUTSIDE extended permit ip any host x.x.x.120 log
access-list OUTSIDE extended permit ip any host x.x.x.123      

show access-list
access-list OUTSIDE line 1 extended permit ip any host x.x.x.120 log informational interval 300 (hitcnt=392) 0x537eb0dc
access-list OUTSIDE line 2 extended permit ip any host x.x.x.123 (hitcnt=0) 0x476bce13

Can anyone see where i'm going wrong? Thanks
0
Comment
Question by:oasisuk
  • 2
4 Comments
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 333 total points
ID: 38862887
interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

Your port is shut down..
0
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 333 total points
ID: 38862888
access-list OUTSIDE extended permit ip any host x.x.x.123    

Add the log keyword in the end of the access-list
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 167 total points
ID: 38866635
Do you have proxyarp disabled on outside interface? If so, you must enable it.
0
 

Author Closing Comment

by:oasisuk
ID: 38867490
Thanks for all comments, problem was interface ip was the only one responding because all traffic was being passed to public ip further downstream. We have 2960 sitting between 2 asa's and switch learnt mac for interface ip and passed traffic to that,  but non-interface ip's were not getting natted as all traffic was passed to  a router past ASA-2.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now