When we have downloadable ACLs with CTP, does the ASA merge the downloaded
ACL with the existing interface ACL, or is it evaluated separately?


My interface ACL:
ASA1# show run access-list
access-list ACLoutside extended permit icmp host 10.0.0.100 any
access-list ACLoutside extended permit tcp any host 10.0.0.10 eq 443
access-list ACLoutside extended permit tcp any host 10.0.0.100
access-list ACLoutside extended permit tcp any any eq telnet

I downloaded this ACL from ACS:

access-list #ACSACL#-IP-permittelneticmp-50292018; 2 elements (dynamic)
access-list #ACSACL#-IP-permittelneticmp-50292018 line 1 extended permit icmp any any (hitcnt=0) 0xb3fbb06b
access-list #ACSACL#-IP-permittelneticmp-50292018 line 2 extended permit tcp any any eq telnet (hitcnt=1) 0x60818a28


Now, my HTTPS traffic to 10.0.0.10 would not pass through unless I cleared
uauth.

Regards,
Karthik