Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
239
Views
0
Helpful
1
Replies

ASA 551o traffic between interfaces

hunnetvl01
Level 1
Level 1

‎11-26-2008 05:21 AM - edited ‎03-11-2019 07:18 AM

Hi all,

I have the inside int with 100 sec level and on interface( different then outside) with 60 sec level.

i have an ACL on the inside allowing IP TCP and UDP and also one ACL on the 2nd interface allowing the same.

What should I do to enable the traffic coming from that interface towards teh inside ?

Or the traffic to pass from lower to higher?

Thanks,

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎11-26-2008 06:11 AM

For traffic to pass from a lower security interface to a higher security interface you need

1) an acl on the lower security interface inbound allowing the traffic

2) NAT statements for the hosts on the inside - or you can disable NAT if you want. Assuming inside hosts are on the 192.168.5.0/24 subnet and that your second interface is called DMZ2

static (inside,DMZ2) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

and then in your acl allow traffic through to the relevant 192.168.5.x hosts on the inside.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card