?
Solved

ASA-5510 ACL

Posted on 2013-02-06
4
Medium Priority
?
761 Views
Last Modified: 2013-02-08
I have a cisco asa5510 running software version 8.2(5), security Plus licence and trying to configure for access from outside on a public ip.

The interface public ip is working and if i nat using this i have no problem and OUTSIDE acl is being hit.

But if i add another public ip in our range, the acl is not being hit.

interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

access-list OUTSIDE extended permit ip any host x.x.x.120 log
access-list OUTSIDE extended permit ip any host x.x.x.123      

show access-list
access-list OUTSIDE line 1 extended permit ip any host x.x.x.120 log informational interval 300 (hitcnt=392) 0x537eb0dc
access-list OUTSIDE line 2 extended permit ip any host x.x.x.123 (hitcnt=0) 0x476bce13

Can anyone see where i'm going wrong? Thanks
0
Comment
Question by:oasisuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 1332 total points
ID: 38862887
interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address x.x.x.120 255.255.255.224

Your port is shut down..
0
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 1332 total points
ID: 38862888
access-list OUTSIDE extended permit ip any host x.x.x.123    

Add the log keyword in the end of the access-list
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 668 total points
ID: 38866635
Do you have proxyarp disabled on outside interface? If so, you must enable it.
0
 

Author Closing Comment

by:oasisuk
ID: 38867490
Thanks for all comments, problem was interface ip was the only one responding because all traffic was being passed to public ip further downstream. We have 2960 sitting between 2 asa's and switch learnt mac for interface ip and passed traffic to that,  but non-interface ip's were not getting natted as all traffic was passed to  a router past ASA-2.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question