05-25-2010 03:41 PM - edited 03-11-2019 10:50 AM
Dear experts, hello.
I'd like to ask you: if we have two subnets, each connected to a specific Ethernet interface on the ASA,
for example:
10.0.0.0/24 connected to E0/1
and
10.0.1.0/24 connected to E0/2
The question is: if I want to let the hosts of subnet 10.0.0.0/24 connect to the hosts on 10.0.1.0/24, can I create only an ACL to permit that,
or do I have to create NATing besides the permit ACL?
Thanks a lot for your help.
labib
05-25-2010 03:43 PM
Hi,
The answer depends on the security level of the interfaces.
From high security to low security you don't need an ACL for TCP/UDP traffic.
From low security to high, you require an ACL.
Whether you need NAT or not depends on whether you have NAT control enabled or disabled (nat-control).
If you have nat-control enabled, then you need a NAT rule to pass the traffic; otherwise traffic can flow without NAT.
Federico.
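A configuration sketch of what the answer above describes, added here as an example and not part of the original posts. It assumes pre-8.3 ASA syntax (where `nat-control` exists); the interface names, security levels, interface addresses, ACL names and the TCP/443 rule are all constructed for illustration.

```cisco
! Assumed: E0/1 is the higher-security side, E0/2 the lower one.
interface Ethernet0/1
 nameif net-a
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif net-b
 security-level 50
 ip address 10.0.1.1 255.255.255.0
!
! High -> low (net-a to net-b): TCP/UDP connections are allowed
! by default, so no ACL is required for 10.0.0.0/24 to reach 10.0.1.0/24.
!
! Low -> high (net-b to net-a): an ACL is required. Permit only what
! is needed (constructed sample: HTTPS) instead of "permit ip any any".
access-list NETB_IN extended permit tcp 10.0.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 443
access-group NETB_IN in interface net-b
!
! Only when nat-control is enabled: traffic needs a matching NAT rule.
! NAT exemption keeps the real addresses while satisfying that requirement.
nat-control
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
nat (net-a) 0 access-list NONAT
!
! With "no nat-control", the last three lines are not needed.
```

`show run nat-control` reports whether NAT control is on, and `packet-tracer input net-b tcp 10.0.1.10 40000 10.0.0.10 443` (constructed host addresses) shows which ACL and NAT phases a given flow hits.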