Cisco Support Community

access-list on asa

I have an ASA 5510 which is supposed to have the following rules:

1. Part of the inside users should be able to access the internet.

2. Part of the inside users should be able to access a network on the DMZ.

3. Part of the inside users should be able to access both the DMZ and the internet.

Both HTTP and HTTPS should be available on both outside and the DMZ.

I am attaching a table which will explain the conventions used in my config below.

access-list acl_inside permit ip group AC any

access-list acl_lanX permit ip group BC lan_X

access-group acl_inside in interface inside

nat (inside) 3 access-list acl_lanX

nat (inside) 1 0 0

global (outside) 1 192.168.1.1-192.168.1.250

global (dmz) 3 192.168.2.1-192.168.2.250

With this config, users in INSIDE_A cannot access lan_X.

I don't know why.

Any help and suggestions will be appreciated.

Thanks

1 REPLY

Re: access-list on asa

I assumed your "group AC" has INSIDE_A & INSIDE_C users, and access for this group from Inside to DMZ's Lan_X is controlled by "acl_inside".

BTW, can users from INSIDE_C access Lan_X?

What do the acl_inside entries and object-group for "group AC" look like?

HTH

AK
