To send traffic between 2 subnets, does it need just an ACL or NATing too?

Answered Question
May 25th, 2010

Dear experts, hello

I'd like to ask you: if we have two subnets, each connected to a specific Ethernet interface on the ASA

for example:

10.0.0.0/24 connected to E0/1

and

10.0.1.0/24 connected to E0/2

The question is: if I want to let the hosts of subnet 10.0.0.0/24 connect to the hosts on 10.0.1.0/24, can I create an ACL only to permit that,

or do I have to create NATing besides the permit ACL?

Thanks a lot for your help

labib

Correct Answer by Federico Coto F... about 6 years 6 months ago

Hi,

The answer depends on the security level of the interfaces.

From high security to low security you don't need an ACL for TCP/UDP traffic.

From low security to high, you require an ACL.

Whether you need NAT or not depends on whether you have NAT control enabled or disabled (nat-control).

If you have nat-control enabled, then you need a NAT rule to pass the traffic, otherwise traffic can flow without NAT.

Federico.

Overall Rating: 5 (1 ratings)
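The rules in the answer above, applied to the two subnets from the question as an added configuration example (not part of the original thread). It assumes pre-8.3 ASA software, where `nat-control` exists; the interface names, security levels, interface addresses, ACL name and the host 10.0.0.10 are constructed for illustration.

```cisco
! Added example, pre-8.3 ASA syntax. Names, levels and addresses are assumed.
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 10.0.1.1 255.255.255.0
!
! inside (100) -> dmz (50): high to low, so TCP/UDP connections initiated
! from 10.0.0.0/24 pass without an ACL.
!
! dmz (50) -> inside (100): low to high, so connections initiated from
! 10.0.1.0/24 need an explicit permit applied inbound on dmz.
! Constructed rule: HTTPS to a single host instead of a blanket "permit ip".
! Everything else from dmz is dropped by the ACL's implicit deny.
access-list DMZ_IN extended permit tcp 10.0.1.0 255.255.255.0 host 10.0.0.10 eq 443
access-group DMZ_IN in interface dmz
!
! Use ONE of the two cases below, not both.
!
! Case A: NAT control disabled. No NAT rule is needed for the flows above.
no nat-control
!
! Case B: NAT control enabled. A NAT rule must match the traffic.
! An identity static keeps the real 10.0.0.0/24 addresses visible on dmz.
nat-control
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
!
! Check the result from the ASA CLI (source host and port are constructed):
!   packet-tracer input dmz tcp 10.0.1.20 12345 10.0.0.10 443
```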