Cisco ASA 5650 Application Configuration III

Mondo Technology Updated on 2024-02-13

3. Configure the access control list.

ciscoasa(config)# access-list 1 extended permit ip any any

ciscoasa(config)# access-list 101 extended permit ip 192.168.10.0 255.255.255.0 any

ciscoasa# sh nameif

interface name security

gigabitethernet1/1 inside 100

gigabitethernet1/2 outside 0

ciscoasa(config)# ping 192.168.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ciscoasa(config)# ping 192.168.10.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ciscoasa(config)#

Experiment 1: Test inside and outside

ciscoasa(config)# sh access-list 1

access-list 1; 1 elements; name hash: 0xbbb5ca06

access-list 1 line 1 extended deny ip host 14.215.177.39 any (hitcnt=0) 0x3bcf1f89

inside forbidden IP: 14.215.177.39

ciscoasa(config)# sh access-list 101

access-list 101; 1 elements; name hash: 0xe7d586b5

access-list 101 line 1 extended permit ip host 14.215.177.39 any (hitcnt=0) 0x94701252

outside allowed IP: 14.215.177.39

ciscoasa(config)#

Results:

Confirmed: if the IP is denied on inside, the ping fails.

Experiment 2:

access-list 1 extended permit ip 192.168.10.0 255.255.255.0 any

access-list 101 extended permit ip 192.168.10.0 255.255.255.0 any

ciscoasa(config)# sh access-list 1

access-list 1; 1 elements; name hash: 0xbbb5ca06

access-list 1 line 1 extended permit ip 192.168.10.0 255.255.255.0 any (hitcnt=0) 0x8d755df7

ciscoasa(config)# sh access-list 101

access-list 101; 2 elements; name hash: 0xe7d586b5

access-list 101 line 1 extended permit ip host 14.215.177.39 any (hitcnt=0) 0x94701252

access-list 101 line 2 extended permit ip 192.168.10.0 255.255.255.0 any (hitcnt=0) 0xe76cc9b5

ciscoasa(config)#

ciscoasa(config)# wr

ciscoasa(config)# reload

Still can't ping.

ciscoasa(config)# access-group 101 in interface outside

re**outside can ping 192.168.10.1 and.

Note: Is it true that when the access-list is empty, the system will automatically delete the access-list of **?

At this point, the machine inside the ASA can access the Internet normally.
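The ACL entries from step 3 and the two experiments can be checked offline before they are bound to an interface with access-group. The following is an added example, not part of the original page: a small Python evaluator (all function names are hypothetical) that parses only the subset of ASA syntax used above, applies first-match ordering with the implicit deny that ends every ACL, and flags "permit ip any any".

```python
import ipaddress
import re

# Subset of ASA syntax used on this page:
#   access-list <id> [line N] extended permit|deny ip <src> <dst>
# where <src>/<dst> is "any", "host A.B.C.D" or "A.B.C.D MASK".
ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"access-list (\S+) (?:line \d+ )?extended (permit|deny) ip {ADDR} {ADDR}")

def to_net(spec):
    """Turn an ASA address spec into an ipaddress network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec[5:] + "/32")
    addr, mask = spec.split()
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(config):
    """Return {acl_id: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for m in ACE.finditer(config):
        acl, action, src, dst = m.groups()
        acls.setdefault(acl, []).append((action, to_net(src), to_net(dst)))
    return acls

def decide(aces, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in aces:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def overly_broad(aces):
    """Return 'permit ip any any' entries, which filter nothing."""
    everything = ipaddress.ip_network("0.0.0.0/0")
    return [a for a in aces if a == ("permit", everything, everything)]

# ACL lines as they appear on this page (step 3 and the two experiments).
STEP3 = "access-list 1 extended permit ip any any"
EXP1 = "access-list 1 line 1 extended deny ip host 14.215.177.39 any (hitcnt=0)"
EXP2 = """access-list 101 line 1 extended permit ip host 14.215.177.39 any (hitcnt=0)
access-list 101 line 2 extended permit ip 192.168.10.0 255.255.255.0 any (hitcnt=0)"""
```

An ACL that contains only a deny entry, as in Experiment 1, still denies every other source through the implicit deny once it is applied to an interface.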
