ASA 8.3 ACL denying access to DMZ

I am migrating an ASA 5520 from 8.2 to 8.3, and after the migration the ACLs are blocking access to the DMZ. It looks like the NAT functions were migrated properly by the migration tool, but now when I try to access devices in the DMZ the ACL is denying the traffic, because my ACLs in 8.2 had the NATted IP, not the real IP, in the ACL. Now it looks like 8.3 is looking for the real IP and not the NATted IP.

Here is an example:

Inside network: 172.24.0.0/24

DMZ server real IP: 1.1.1.1

DMZ server NAT IP 2.2.2.2

So, in 8.2 I would have an ACL on the inside interface that said permit 172.24.0.0/24 to 2.2.2.2 eq 80, 443.

This ACL doesn't work in my 8.3 config because it wants:

permit 172.24.0.0/24 to 1.1.1.1 eq 80, 443.

Is this correct for 8.3 or are my NAT rules all messed up after the migration?

Thanks
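As an added check, not part of the original thread: a small Python script that reads an 8.3-style config (constructed here with the addresses from the post) and flags ACEs whose destination is still the mapped (NAT) address, proposing the real-IP rewrite. It assumes static object NAT inside `object network` blocks and destinations written as `host X`; the object name `DMZ-WEB` and ACL name `inside_in` are made up for the example.

```python
import re

# Constructed sample config using the addresses from the post (not a real deployment).
CONFIG_83 = """
object network DMZ-WEB
 host 1.1.1.1
 nat (dmz,outside) static 2.2.2.2
access-list inside_in extended permit tcp 172.24.0.0 255.255.255.0 host 2.2.2.2 eq 80
access-list inside_in extended permit tcp 172.24.0.0 255.255.255.0 host 2.2.2.2 eq 443
access-list inside_in extended permit tcp 172.24.0.0 255.255.255.0 host 1.1.1.1 eq 22
"""


def parse_static_nat(config):
    """Return {mapped_ip: real_ip} from 'object network' blocks that carry a static NAT line."""
    mapped = {}
    real = None
    for line in config.splitlines():
        if line.startswith("object network"):
            real = None                      # new object: forget the previous real address
        m = re.match(r"\s+host (\S+)", line)
        if m:
            real = m.group(1)
        m = re.match(r"\s+nat \([^)]*\) static (\S+)", line)
        if m and real:
            mapped[m.group(1)] = real
    return mapped


def find_pre83_aces(config):
    """Return (original_ace, rewritten_ace) pairs for ACEs whose destination is a mapped address.

    In 8.3 the ACL must match the real (untranslated) address, so any ACE still written
    against the NAT address is an 8.2 leftover that will silently fail to match.
    Assumption: the destination is the last 'host X' pair on the line.
    """
    mapped = parse_static_nat(config)
    findings = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or "host" not in tokens:
            continue
        idx = len(tokens) - 1 - tokens[::-1].index("host")   # last 'host' = destination
        dst = tokens[idx + 1]
        if dst in mapped:
            tokens[idx + 1] = mapped[dst]
            findings.append((line, " ".join(tokens)))
    return findings


if __name__ == "__main__":
    for old, new in find_pre83_aces(CONFIG_83):
        print(f"- {old}\n+ {new}")
```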

2 REPLIES

ASA 8.3 ACL denying access to DMZ

Hello Dylan,

That is 100% correct. You are right.

Please read this; it will help you!

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

ASA 8.3 ACL denying access to DMZ

Hello Dylan,

Below is the link to the release notes for 8.3. You will get most of the answers there, and your thoughts are perfect.

http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html

Thanks
