I'm wondering if you can help me solve a little problem I have. I have 2 DMZs on my ASA5510 (running ASA 7.0(6)), A & B.
Members of DMZ A are in the 172.19.10.0/24 subnet and members of DMZ B are in the 192.168.100.0/24 subnet.
When I review the firewall I find that access should be unfettered for users in DMZ B accessing DMZ A, with the following rule in place on the DMZ B interface of the firewall:
access-list dbavpn line 9 extended permit ip 192.168.100.0 255.255.255.0 any
Routing seems to be properly configured on the firewall, as indicated below:
C 172.19.1.0 255.255.255.0 is directly connected, inside
S 172.19.10.0 255.255.255.0 [1/0] via 172.19.1.1, inside
However, when I do a packet capture on the FW I see packets coming in the DMZ B facing interface but not going out the DMZ A facing interface; see output below:
capture IN type raw-data access-list TO_172.19.10.12 interface DMZB circular-buffer[Capturing - 738 bytes]
capture OUT type raw-data access-list TO_172.19.10.12 interface DMZA circular-buffer[Capturing - 0 bytes]
NB: access-list TO_172.19.10.12 line 1 extended permit ip any host 172.19.10.12 (hitcnt=9)
I've checked, and there is no NAT configured for the DMZ B facing interface, and all NAT on the DMZ A facing interface is based on source addresses not aligned with the 192.168.100.0 subnet.
I'm new to ASA and I'm at a loss as to what the firewall is doing with this traffic. If you have any ideas I'd be glad to hear them.
Thanks in advance
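An added check, not part of the post above: a small longest-prefix-match lookup over the two routing-table lines quoted in the question, showing which interface the ASA's table actually selects for the captured destination 172.19.10.12. It assumes those two lines are the only routes that matter for this destination and that the egress capture was bound to the interface named DMZA.

```python
import ipaddress

# Routing-table lines copied from the post (constructed input for this check).
ROUTE_OUTPUT = """\
C 172.19.1.0 255.255.255.0 is directly connected, inside
S 172.19.10.0 255.255.255.0 [1/0] via 172.19.1.1, inside
"""


def parse_routes(text):
    """Parse ASA 'show route' style lines into (network, next_hop, interface, code)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        code, prefix, mask = parts[0], parts[1], parts[2]
        net = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
        iface = parts[-1]                      # interface name is always the last token
        next_hop = None
        if "via" in parts:                     # static routes carry 'via <next-hop>,'
            next_hop = parts[parts.index("via") + 1].rstrip(",")
        routes.append((net, next_hop, iface, code))
    return routes


def egress_interface(routes, dst):
    """Longest-prefix match: return (interface, next_hop) the ASA uses for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop, iface, _code in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[2], best[1])


def capture_mismatch(routes, dst, capture_iface):
    """True when dst leaves through a different interface than the capture was placed on,
    which is one reason an egress capture can sit at 0 bytes while ingress fills up."""
    result = egress_interface(routes, dst)
    return result is not None and result[0] != capture_iface


if __name__ == "__main__":
    routes = parse_routes(ROUTE_OUTPUT)
    print("172.19.10.12 egresses via", egress_interface(routes, "172.19.10.12"))
    print("capture on DMZA misses it:", capture_mismatch(routes, "172.19.10.12", "DMZA"))
```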