Cisco
slavkin, 2015-12-14 14:48:22

ACLs do not work on Cisco ASA 5512-X, what should I do?

Hello!
I'm not a Cisco admin myself, but at work I urgently needed to set up an ASA with fairly simple filtering rules. The situation is this: I have a Cisco ASA 5512-X, I go to its console, create an ACL like deny ip any any, and apply this ACL to incoming traffic on the interface. I connect a laptop to this interface, I ping, and the ASA responds, which raises a number of questions for me. I tried playing with different rules - it doesn't help - not a single deny works. I tried configuring it via ASDM, created rules there, same situation - it doesn't work:
Tell me what I'm doing wrong. :)
Below I give pieces of the configuration.
Interface:

ciscoasa# sh int gigabitEthernet 0/0
Interface GigabitEthernet0/0 "Test", is up, line protocol is up
  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: Test interface
        MAC address 1005.ca9d.fff1, MTU 1500
        IP address 192.168.0.1, subnet mask 255.255.255.0
        185 packets input, 18146 bytes, 0 no buffer
        Received 100 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        88 packets output, 6808 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 2 interface resets
        0 late collisions, 0 deferred
        7 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (483/461)
        output queue (blocks free curr/low): hardware (487/447)
  Traffic Statistics for "Test":
        178 packets input, 14494 bytes
        88 packets output, 5152 bytes
        86 packets dropped
      1 minute input rate 2 pkts/sec,  196 bytes/sec
      1 minute output rate 0 pkts/sec,  52 bytes/sec
      1 minute drop rate, 1 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec

ACL:
ciscoasa# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list Test_access_in; 2 elements; name hash: 0xb594a33e
access-list Test_access_in line 1 extended deny ip any any (hitcnt=0) 0xa44b6cb5
access-list Test_access_in line 2 extended deny icmp any any (hitcnt=0) 0xb20c1b11

Access group:
ciscoasa# sh running-config access-group
access-group Test_access_in in interface Test

UPD: If you need any more information, please let me know. Thanks in advance!


1 answer(s)
mikes, 2015-12-14

Properties -> Device administration -> ICMP rules: what is specified there?
What if you add a rule like any -> device IP?
Is this interface configured as a management-access interface?
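
Added note, not part of mikes's answer: on the ASA an interface access-group filters traffic forwarded through the firewall, while pings addressed to an interface's own IP are matched against the icmp command rules (the ICMP rules under Device Management in ASDM). Example CLI for the "Test" interface from the question; the admin host address is a constructed placeholder, not from the page:

```text
! Interface ACL: applies to traffic passing through the ASA,
! not to packets addressed to the "Test" interface IP 192.168.0.1,
! so its hit counters stay at 0 when the laptop pings the ASA itself.
access-list Test_access_in extended deny ip any any
access-group Test_access_in in interface Test

! To-the-box ICMP is evaluated top down against the icmp rules;
! once any rule exists, unmatched ICMP to that interface is denied.
! Allow echo from one admin host (192.168.0.10 is a constructed
! example address) and deny all other ICMP on this interface.
icmp permit host 192.168.0.10 echo Test
icmp deny any Test

! Verify the rules are in the running configuration.
show running-config icmp
```

The interface ACL is still needed for hosts behind the ASA; the icmp rules only decide whether the ASA itself answers.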
