• Status: Solved
  • Priority: Medium
  • Security: Public

Cisco ASA information needed

How can you permit traffic to a specific host on another interface if you have configured deny all traffic from one interface to another, meaning between two /24 networks?

Is it necessary to set up an exception rule between two interfaces?
Asked by: renegadecy
1 Solution
 
Netman66 Commented:
I would think a permit rule for that requirement could be created and placed immediately above the deny.
 
renegadecy (Author) Commented:
Have done that and it doesn't work...
 
Netman66 Commented:
If you remove the deny, and only have that rule does it work?
 
renegadecy (Author) Commented:
Due to security policy I cannot remove the deny.
 
Netman66 Commented:
It's implicitly denied.
 
amatson78 (Sr. Security Engineer) Commented:
What level is the allow, meaning on the ACL is it higher than any of the denies? What do the logs show on the ASA when you create the rule and test it? It should give a reason denied. Also, are there routes/NATs set up for the two subnets to talk?
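
An added example, not part of the thread or any poster's configuration: a small Python model of top-down, first-match ACL evaluation, showing why the host permit has to sit above the subnet deny and how to spot a permit that an earlier deny shadows. The ACL name `INSIDE_IN` and all addresses are constructed, and only `ip` entries with `any`, `host A` or `A MASK` operands are modelled.

```python
import ipaddress

# Constructed sample ACLs: INSIDE_IN and all addresses are assumptions.
DENY = "access-list INSIDE_IN extended deny ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0"
PERMIT = "access-list INSIDE_IN extended permit ip 192.168.1.0 255.255.255.0 host 192.168.2.10"
ACL_PERMIT_BELOW = f"{DENY}\n{PERMIT}\n"   # permit placed after the deny
ACL_PERMIT_ABOVE = f"{PERMIT}\n{DENY}\n"   # permit placed immediately above the deny


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK' from tokens and return it as a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def parse_acl(text):
    """Parse 'access-list NAME extended permit|deny ip SRC DST' lines in order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "ip":
            continue  # entry types outside this simplified model are skipped
        rest = tok[5:]
        rules.append((tok[3], _take_addr(rest), _take_addr(rest)))
    return rules


def first_match(rules, src_ip, dst_ip):
    """Return (rule number, action) of the first matching rule, top down."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for number, (action, src_net, dst_net) in enumerate(rules, 1):
        if src in src_net and dst in dst_net:
            return number, action
    return None, "deny"  # nothing matched: the implicit deny at the end applies


def shadowed(rules):
    """Return numbers of rules fully covered by an earlier rule with the other action."""
    hits = []
    for i, (action, src_net, dst_net) in enumerate(rules):
        if any(a != action and src_net.subnet_of(s) and dst_net.subnet_of(d)
               for a, s, d in rules[:i]):
            hits.append(i + 1)
    return hits
```

Ordering is only one possible cause; this model does not cover routing or NAT, which the last comment also asks about.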
