ASA 551o traffic between interfaces

Unanswered Question
Nov 26th, 2008
User Badges:

Hi all,

I have the inside int with 100 sec level and on interface( different then outside) with 60 sec level.

i have an ACL on the inside allowing IP TCP and UDP and also one ACL on the 2nd interface allowing the same.

What should I do to enable the traffic coming from that interface towards teh inside ?

Or the traffic to pass from lower to higher?

Thanks,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 11/26/2008 - 06:11
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

For traffic to pass from a lower security interface to a higher security interface you need


1) an acl on the lower security interface inbound allowing the traffic


2) NAT statements for the hosts on the inside - or you can disable NAT if you want. Assuming inside hosts are on the 192.168.5.0/24 subnet and that your second interface is called DMZ2


static (inside,DMZ2) 192.168.5.0 192.168.5.0 netmask 255.255.255.0


and then in your acl allow traffic through to the relevant 192.168.5.x hosts on the inside.


Jon

Actions

This Discussion