Karthik,

You need to have per-user override for the access group applied on the interface, then it will allow it.

Mike

From: [email protected]
Date: Mon, 13 Aug 2012 22:24:46 +0530
To: [email protected]
Subject: [OSL | CCIE_Security] Issue with ASA - CTP with downloadable ACLs

When we have downloadable ACLs with CTP, does the ASA merge the downloaded ACL with the existing interface ACL, or is it evaluated separately?

My interface ACL:

ASA1# show run access-list
access-list ACLoutside extended permit icmp host 10.0.0.100 any
access-list ACLoutside extended permit tcp any host 10.0.0.10 eq 443
access-list ACLoutside extended permit tcp any host 10.0.0.100
access-list ACLoutside extended permit tcp any any eq telnet

I downloaded this ACL from ACS:

access-list #ACSACL#-IP-permittelneticmp-50292018; 2 elements (dynamic)
access-list #ACSACL#-IP-permittelneticmp-50292018 line 1 extended permit icmp any any (hitcnt=0) 0xb3fbb06b
access-list #ACSACL#-IP-permittelneticmp-50292018 line 2 extended permit tcp any any eq telnet (hitcnt=1) 0x60818a28

Now, my HTTPS traffic to 10.0.0.10 would not pass through unless I cleared uauth.

Regards,
Karthik

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
