Leadtheway asked:
Cisco ASA ACL help
Have a new subnet that I need to allow out of an ASA 5516. I have a general gist of what probably needs to happen: create a network object for that subnet, then NAT and an ACL. I'm just not familiar at all with how to create that ACL. Hoping to get some guidance.
Thanks in advance
ASKER
access-list inside_acl extended permit ip object newsubnet any
Yes you are correct. Typo.
ASKER
Is there a way to view if any action is happening with that ACL?
ASKER
Doesn't appear to be getting hits:
access-list inside_hebmgmt; 1 elements; name hash: 0xddc08539
access-list inside_hebmgmt line 1 extended permit ip object HEBMGMT any (hitcnt=0) 0x2c0eaaa0
access-list inside_hebmgmt line 1 extended permit ip 10.1.100.0 255.255.255.0 any (hitcnt=0) 0x2c0eaaa0
You can use the packet-tracer command to verify the rules are being used:
packet-tracer input inside tcp x.x.x.x port y.y.y.y port
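As an added illustration (not part of the answer above, and not taken from the hidden solution), here is what the full sequence looks like on an ASA, using the object and ACL names from this thread; the interface names inside/outside, the dynamic PAT to the outside interface, and the 203.0.113.10 destination are assumptions. The note after the block covers the most common reason for hitcnt=0.

```cisco
! --- 1. Network object for the new subnet (subnet from the thread) ---
object network HEBMGMT
 subnet 10.1.100.0 255.255.255.0
 ! Object NAT: dynamic PAT to the outside interface address.
 ! Interface names "inside"/"outside" are assumed.
 nat (inside,outside) dynamic interface
!
! --- 2. ACL permitting the object outbound ---
! Note the "ip" keyword between "permit" and "object"; omitting it
! (as in the typo discussed above) is rejected by the parser.
access-list inside_hebmgmt extended permit ip object HEBMGMT any
!
! --- 3. Bind the ACL to the interface, inbound from the inside hosts ---
! An ACL that is never applied with access-group is never evaluated and
! will always show hitcnt=0.
access-group inside_hebmgmt in interface inside
!
! --- 4. Verification ---
show run object id HEBMGMT
show nat detail
show access-list inside_hebmgmt
! Simulate a TCP flow from a host in the new subnet to a constructed
! external address (203.0.113.10) on port 443. Source port is arbitrary.
! Format: packet-tracer input <ifc> tcp <src_ip> <src_port> <dst_ip> <dst_port>
packet-tracer input inside tcp 10.1.100.10 12345 203.0.113.10 443
```

Only one ACL can be bound per interface per direction, so if an ACL is already applied inbound on the inside interface, a second access-group line replaces it rather than adding to it; in that case the permit line belongs in the existing ACL (inside_acl in this thread), and packet-tracer will show which ACL actually matched.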
ASKER
I assume one of my devices goes on x.x.x.x; what goes on y.y.y.y?
ASKER
access-list inside_acl extended permit object newsubnet any?