Cisco ASA information needed

Posted on 2014-01-26
Medium Priority
Last Modified: 2014-02-04
How can you permit traffic to a specific host on another interface if you have configured deny all traffic from one interface to another, meaning between two /24 networks?

Is it necessary to set up an except rule between two interfaces?
Question by: renegadecy
LVL 51

Expert Comment

ID: 39810179
I would think a permit rule for that requirement could be created and placed immediately above the deny.

Author Comment

ID: 39810313
Have done that and it doesn't work...
LVL 51

Expert Comment

ID: 39810364
If you remove the deny, and only have that rule does it work?

Author Comment

ID: 39810530
Due to security policy I cannot remove the deny.
LVL 51

Expert Comment

ID: 39810747
It's implicitly denied.

Accepted Solution

amatson78 earned 1500 total points
ID: 39810791
What level is the allow, meaning on the ACL is it higher than any of the denies? What do the logs show on the ASA when you create the rule and test it? It should give a reason denied. Also, are there routes/NATs set up for the two subnets to talk?
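
As an added example (not part of the original thread or any poster's code): a Python sketch of the top-down, first-match ACL evaluation the accepted answer asks about, reporting which entry a flow hits and flagging a permit placed below a deny that covers it. The ACL name, addresses and function names are constructed assumptions, and only plain `extended permit|deny ip` entries are parsed.

```python
import ipaddress

# Constructed sample ACLs: the name INSIDE_IN and all addresses are assumptions.
PERMIT_FIRST = """\
access-list INSIDE_IN extended permit ip 192.168.1.0 255.255.255.0 host 192.168.2.10
access-list INSIDE_IN extended deny ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
"""
DENY_FIRST = "\n".join(reversed(PERMIT_FIRST.splitlines()))

def _take_addr(tokens):
    """Consume one ASA address spec: 'any', 'host A' or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Return (line_no, action, src_net, dst_net) for 'extended permit|deny ip' entries."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        t = line.split()
        if len(t) < 7 or t[0] != "access-list" or t[2] != "extended" or t[4] != "ip":
            continue  # other entry types (ports, objects, remarks) are skipped
        rest = t[5:]
        src = _take_addr(rest)
        rules.append((n, t[3], src, _take_addr(rest)))
    return rules

def first_match(rules, src, dst):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, action, rs, rd in rules:
        if s in rs and d in rd:
            return action, n
    return "deny", None

def shadowed_permits(rules):
    """Permits fully covered by an earlier deny: (permit_line, deny_line) pairs."""
    found = []
    for i, (n, action, src, dst) in enumerate(rules):
        earlier = [m for m, a, s, d in rules[:i]
                   if a == "deny" and src.subnet_of(s) and dst.subnet_of(d)]
        if action == "permit" and earlier:
            found.append((n, earlier[0]))
    return found
```

On the ASA itself, the hit counts in `show access-list` and the output of `packet-tracer` answer the same question for the running configuration.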
