Cisco Support Community

New Member

ASA 5510 traffic between interfaces

Hi all,

I have the inside int with 100 sec level and one interface (different than outside) with 60 sec level.

I have an ACL on the inside allowing IP, TCP and UDP, and also one ACL on the 2nd interface allowing the same.

What should I do to enable the traffic coming from that interface towards the inside?

Or the traffic to pass from lower to higher?

Thanks,

1 REPLY
Hall of Fame Super Blue

Re: ASA 5510 traffic between interfaces

For traffic to pass from a lower security interface to a higher security interface you need

1) an acl on the lower security interface inbound allowing the traffic

2) NAT statements for the hosts on the inside - or you can disable NAT if you want. Assuming inside hosts are on the 192.168.5.0/24 subnet and that your second interface is called DMZ2

static (inside,DMZ2) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

and then in your acl allow traffic through to the relevant 192.168.5.x hosts on the inside.

Jon
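
The two steps from the reply above, put together as an added configuration example (not part of Jon's post). It uses the same pre-8.3 ASA syntax as the static command in the reply; the DMZ2 subnet 192.168.60.0/24, the inside server 192.168.5.10, TCP port 443 and the ACL name DMZ2_in are assumed values chosen for illustration.

```text
! Constructed example, pre-8.3 ASA syntax. All addresses except
! 192.168.5.0/24 and the ACL name DMZ2_in are assumptions.

! Step 2 from the reply: identity static, so inside hosts are reachable
! from DMZ2 on their real 192.168.5.x addresses.
static (inside,DMZ2) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

! Step 1 from the reply: ACL applied inbound on the lower-security
! interface. Permit only the flow that is needed instead of all
! IP/TCP/UDP, and log whatever else is dropped.
access-list DMZ2_in extended permit tcp 192.168.60.0 255.255.255.0 host 192.168.5.10 eq 443
access-list DMZ2_in extended deny ip any any log
access-group DMZ2_in in interface DMZ2

! Check the result: simulate a packet from a DMZ2 host to the inside
! server, then look at ACL hit counts and the translation table.
packet-tracer input DMZ2 tcp 192.168.60.20 1025 192.168.5.10 443
show access-list DMZ2_in
show xlate
```

Once an ACL is bound inbound on DMZ2, it also governs DMZ2 traffic headed to lower-security interfaces, so any such flows that are still required need their own permit lines above the final deny.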
