Solved

ASA-5510 ACL

Posted on 2013-02-06
4
749 Views
Last Modified: 2013-02-08
I have a cisco asa5510 running software version 8.2(5), security Plus licence and trying to configure for access from outside on a public ip.

The interface public ip is working and if i nat using this i have no problem and OUTSIDE acl is being hit.

But if i add another public ip in our range, the acl is not being hit.

interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

access-list OUTSIDE extended permit ip any host x.x.x.120 log
access-list OUTSIDE extended permit ip any host x.x.x.123      

show access-list
access-list OUTSIDE line 1 extended permit ip any host x.x.x.120 log informational interval 300 (hitcnt=392) 0x537eb0dc
access-list OUTSIDE line 2 extended permit ip any host x.x.x.123 (hitcnt=0) 0x476bce13

Can anyone see where i'm going wrong? Thanks
0
Comment
Question by:oasisuk
  • 2
4 Comments
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 333 total points
Comment Utility
interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

Your port is shut down..
0
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 333 total points
Comment Utility
access-list OUTSIDE extended permit ip any host x.x.x.123    

Add the log keyword in the end of the access-list
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 167 total points
Comment Utility
Do you have proxyarp disabled on outside interface? If so, you must enable it.
0
 

Author Closing Comment

by:oasisuk
Comment Utility
Thanks for all comments, problem was interface ip was the only one responding because all traffic was being passed to public ip further downstream. We have 2960 sitting between 2 asa's and switch learnt mac for interface ip and passed traffic to that,  but non-interface ip's were not getting natted as all traffic was passed to  a router past ASA-2.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now