To send traffic between 2 subnets, does it need just an ACL or NATing too?

hanyawad
Level 1

Dear experts, hello,

I'd like to ask you: if we have two subnets, each connected to a specific Ethernet interface on the ASA,

for example:

10.0.0.0/24 connected to E0/1

and

10.0.1.0/24 connected to E0/2

the question is: if I want to let the hosts of subnet 10.0.0.0/24 connect to the hosts on 10.0.1.0/24, can I create an ACL only to permit that,

or do I have to create NATing besides the permit ACL?

Thanks a lot for your help

labib

1 Accepted Solution


Hi,

The answer depends on the security level of the interfaces.

From high security to low security you don't need an ACL for TCP/UDP traffic.

From low security to high, you require an ACL.

Whether you need NAT or not depends on whether you have NAT control enabled or disabled (nat-control).

If you have nat-control enabled, then you need a NAT rule to pass the traffic, otherwise traffic can flow without NAT.

Federico.
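
An ASA configuration sketch for the case described in the answer, added here as an example and not part of the original thread. It uses pre-8.3 syntax (releases where the `nat-control` command exists); the interface names, security levels, interface addresses and the permitted port are assumptions.

```cisco
! Assumed: E0/1 is the higher-security interface, E0/2 the lower one.
interface Ethernet0/1
 nameif inside1
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif inside2
 security-level 50
 ip address 10.0.1.1 255.255.255.0
!
! 10.0.0.0/24 -> 10.0.1.0/24 is high to low: TCP/UDP is allowed without an ACL.
!
! 10.0.1.0/24 -> 10.0.0.0/24 is low to high: an inbound ACL on the lower
! interface is required. Permit only what is needed (HTTPS here is an
! assumed example) instead of "permit ip any any".
access-list INSIDE2_IN extended permit tcp 10.0.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 443
access-group INSIDE2_IN in interface inside2
!
! Option A: nat-control enabled. A NAT rule must match or traffic is dropped.
! An identity static keeps 10.0.0.0/24 untranslated between the two interfaces.
nat-control
static (inside1,inside2) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
!
! Option B: nat-control disabled. No NAT rule is needed; the ACL and the
! security levels alone decide what passes.
! no nat-control
```

`show running-config nat-control` shows which of the two options the firewall is currently using.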
