cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
458
Views
0
Helpful
6
Replies

acl needed for high security to low security??

mrSS
Level 1
Level 1

ive experienced this with both asa and pix...does anybody know why acl needed for high security to low security??...even though i have no high security to low security for other connections?

6 Replies 6

Collin Clark
VIP Alumni
VIP Alumni

ACLs protect your trusted network. Why would you not want ACL's?

you have it backward. By default, hosts behind

high security interface can access hosts behind

low level security interface. You do NOT need

ACL to protect hosts sitting behind high level

security interface from low level security level interface. That is implicitly implied.

You need ACL on the high level security

interface in order to protect/prevent

hosts from getting to hosts on other interfaces. That way, if hosts on the

high level security interface are infected

with viruses, they won't propragate to other

networks on other interfaces.

CCIE Security

yeah, i know i dont need a ACL to protect hosts sitting behind high level security interface from low level security level interface....but, in my case, that is not an issue...a higher security lvl was unable to iniate a sqlnet connection to a lower security level with an acl...

Does nothing between the subnets work? Is NAT working or are you routing?

do you have inspection turned on for sqlnet?

fixup protocol for sqlnet...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: