Solved

ASA-5510 ACL

Posted on 2013-02-06
Last Modified: 2013-02-08
I have a Cisco ASA 5510 running software version 8.2(5), Security Plus licence, and am trying to configure it for access from outside on a public IP.

The interface public IP is working, and if I NAT using this I have no problem and the OUTSIDE ACL is being hit.

But if I add another public IP in our range, the ACL is not being hit.

interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

access-list OUTSIDE extended permit ip any host x.x.x.120 log
access-list OUTSIDE extended permit ip any host x.x.x.123      

show access-list
access-list OUTSIDE line 1 extended permit ip any host x.x.x.120 log informational interval 300 (hitcnt=392) 0x537eb0dc
access-list OUTSIDE line 2 extended permit ip any host x.x.x.123 (hitcnt=0) 0x476bce13

Can anyone see where I'm going wrong? Thanks
Question by:oasisuk

Assisted Solution

by:fgasimzade
ID: 38862887
interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

Your port is shut down.

Assisted Solution

by:fgasimzade
ID: 38862888
access-list OUTSIDE extended permit ip any host x.x.x.123    

Add the log keyword at the end of the access-list.

Accepted Solution

by:lrmoore
ID: 38866635
Do you have proxyarp disabled on the outside interface? If so, you must enable it.

Author Closing Comment

by:oasisuk
ID: 38867490
Thanks for all comments. The problem was that the interface IP was the only one responding, because all traffic was being passed to public IP further downstream. We have a 2960 sitting between 2 ASAs, and the switch learnt the MAC for the interface IP and passed traffic to that, but non-interface IPs were not getting NATted, as all traffic was passed to a router past ASA-2.
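
An added example, not part of the original thread: a small Python triage of the kind of output quoted in the question, flagging a shut-down interface and zero-hit ACEs whose destination is not the interface address (the case the answers tie to proxy ARP or upstream forwarding). The 203.0.113.x addresses stand in for the redacted ones, and the function names are assumptions made for this example.

```python
import re

# Constructed sample modelled on the thread; 203.0.113.x stands in for the redacted x.x.x.x.
SHOW_RUN = """interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address 203.0.113.120 255.255.255.224
"""
SHOW_ACL = """access-list OUTSIDE line 1 extended permit ip any host 203.0.113.120 log informational interval 300 (hitcnt=392) 0x537eb0dc
access-list OUTSIDE line 2 extended permit ip any host 203.0.113.123 (hitcnt=0) 0x476bce13
"""
# Greedy ".*" before " host " picks the last host keyword, i.e. the destination.
ACE = re.compile(r"access-list (\S+) line (\d+) .* host (\S+).*\(hitcnt=(\d+)\)")

def parse_interfaces(cfg):
    """Map nameif -> {'ip', 'shutdown'} from 'interface' stanzas of a running-config."""
    out, cur = {}, None
    for line in cfg.splitlines():
        words = line.split()
        if line.startswith("interface "):
            cur = {"ip": None, "shutdown": False}
        elif cur is None or not words or not line.startswith(" "):
            continue
        elif words == ["shutdown"]:
            cur["shutdown"] = True
        elif words[0] == "nameif" and len(words) > 1:
            out[words[1]] = cur
        elif words[:2] == ["ip", "address"] and len(words) > 2:
            cur["ip"] = words[2]
    return out

def triage(cfg, acl_out, nameif="outside"):
    """Return findings for the named interface and zero-hit ACEs in 'show access-list' output."""
    intf = parse_interfaces(cfg).get(nameif, {"ip": None, "shutdown": False})
    findings = []
    if intf["shutdown"]:
        findings.append(f"{nameif}: interface is administratively shut down")
    for acl, line, dst, hits in ACE.findall(acl_out):
        if int(hits) > 0:
            continue
        if dst == intf["ip"]:
            hint = "interface IP, check the interface state and the access-group binding"
        else:
            hint = "non-interface IP, check proxy ARP and upstream switch/router forwarding"
        findings.append(f"{acl} line {line}: hitcnt=0 for {dst} ({hint})")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SHOW_RUN, SHOW_ACL)))
```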