acl needed for high security to low security??

Unanswered Question
Jan 16th, 2008
User Badges:

ive experienced this with both asa and pix...does anybody know why acl needed for high security to low security??...even though i have no high security to low security for other connections?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Wed, 01/16/2008 - 10:28
User Badges:
  • Purple, 4500 points or more

ACLs protect your trusted network. Why would you not want ACL's?

cisco24x7 Wed, 01/16/2008 - 10:45
User Badges:
  • Silver, 250 points or more

you have it backward. By default, hosts behind

high security interface can access hosts behind

low level security interface. You do NOT need

ACL to protect hosts sitting behind high level

security interface from low level security level interface. That is implicitly implied.


You need ACL on the high level security

interface in order to protect/prevent

hosts from getting to hosts on other interfaces. That way, if hosts on the

high level security interface are infected

with viruses, they won't propragate to other

networks on other interfaces.


CCIE Security

szajihsaniatan Wed, 01/16/2008 - 10:49
User Badges:

yeah, i know i dont need a ACL to protect hosts sitting behind high level security interface from low level security level interface....but, in my case, that is not an issue...a higher security lvl was unable to iniate a sqlnet connection to a lower security level with an acl...

Collin Clark Wed, 01/16/2008 - 10:53
User Badges:
  • Purple, 4500 points or more

Does nothing between the subnets work? Is NAT working or are you routing?

srue Wed, 01/16/2008 - 11:03
User Badges:
  • Blue, 1500 points or more

do you have inspection turned on for sqlnet?

Actions

This Discussion