2

I have the following rules configured on my Cisco ASA firewall:

access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 3306
access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2083
access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2087
access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2095

Now, when I want to add a rule to permit only TCP traffic to the specified IP address, like below, my rule fails with ERROR: % Invalid Hostname

sh run access-list OUTSIDE_IN extended permit tcp ip yy.yy.yy.yy host xx.xx.xx.xx eq 10050

What am I doing wrong? As far as I can see, my syntax is wrong, but the official documentation is not helping me.

Alan Kis

2 Answers

0

This is what you should use:

access-list OUTSIDE_IN extended permit tcp host yy.yy.yy.yy host xx.xx.xx.xx eq 10050

Example:

access-list OUTSIDE_IN extended permit tcp host 12.12.12.12 host 23.23.23.23 eq 10050

Aaron D
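An added example, not part of the original question or answer: a small Python pre-check for the source and destination address arguments of an extended ACL line. It accepts "any", "host <ip>" and "<ip> <netmask>", so it rejects the "ip yy.yy.yy.yy" form from the question. The function names and the sample addresses are assumptions; only tcp/udp and a numeric "eq" port are handled, and the messages are the script's own, not ASA output.

```python
import ipaddress

def _is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _take_address(t, i):
    """Consume one address argument at t[i]; return (spec, next index)."""
    tok, nxt = (t[i:i + 2] + ["", ""])[:2]   # pad so a truncated line fails cleanly
    if tok == "any":
        return "any", i + 1
    if tok == "host":
        if _is_ipv4(nxt):
            return f"host {nxt}", i + 2
        raise ValueError("'host' must be followed by an IPv4 address")
    if _is_ipv4(tok):
        # Network form: the second dotted quad is a subnet mask (only its shape is checked).
        if _is_ipv4(nxt):
            return f"{tok} {nxt}", i + 2
        raise ValueError(f"bare address: write 'host {tok}' or '{tok} <netmask>'")
    raise ValueError(f"{tok!r} is not an address argument (any | host <ip> | <ip> <netmask>)")

def check_acl_line(line):
    """Check 'access-list NAME extended permit|deny tcp|udp SRC DST [eq PORT]'."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-list" or t[2] != "extended":
        return False, "not an 'access-list <name> extended ...' line"
    if t[3] not in ("permit", "deny") or t[4] not in ("tcp", "udp"):
        return False, "expected permit|deny followed by tcp|udp"
    try:
        src, i = _take_address(t, 5)
        dst, i = _take_address(t, i)
    except ValueError as exc:
        return False, str(exc)
    rest = t[i:]
    if rest and not (len(rest) == 2 and rest[0] == "eq" and rest[1].isdigit()):
        return False, "only an optional 'eq <numeric port>' is handled here"
    return True, f"src=[{src}] dst=[{dst}]"

# Constructed samples; 192.0.2.10 and 198.51.100.20 stand in for yy.yy.yy.yy and xx.xx.xx.xx.
PREFIX = "access-list OUTSIDE_IN extended permit tcp "
SAMPLES = [PREFIX + "ip 192.0.2.10 host 198.51.100.20 eq 10050",    # form from the question
           PREFIX + "host 192.0.2.10 host 198.51.100.20 eq 10050"]  # form from the answer
if __name__ == "__main__":
    for s in SAMPLES:
        print(check_acl_line(s), "<-", s)
```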