Solved

Cisco ASA 5520 command - Access List

Posted on 2014-04-21
3
827 Views
Last Modified: 2014-04-22
I would like to find all the rules on the outside access list that do not have a certain service (protocol). What would that command be? So for example if I want to see a list of all the rules on that interface except port 80 and 443.
0
Comment
Question by:tolinrome
3 Comments
 
LVL 10

Expert Comment

by:Rafael
ID: 40013534
show access-list outside_access
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40014745
show run access-group

Pick the one that's applied in on the outside interface e.g. if the result looks like..

access-group inbound in interface outside
access-group outbound in interface inside

Then your is called inbound

simply execute

show run access-list outbound

(substitute the name of yours).

Pete
0
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 500 total points
ID: 40014749
show access-list outside_access | exclude 80
show access-list outside_access | exclude 443

The above commands assume that your external Access list is called "outside_access" you may adjust the last part of the command (exclude 80) & (exclude 443) to fit your needs.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Expanding Subnet Mask 20 108
Cisco AP to get ip from DHCP 10 74
cisco sg 200 trunking 4 26
Internet Protocol Security question 3 71
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question