Hi. Is it true that I would need both an ACL allowing packets from a lower security PIX interface and a static NAT in order to allow IP traffic to flow from a lower security interface to a higher security interface? The reason I am asking is that I am considering placing some basic servers in a DMZ int of my PIX with security level of 50. My internal network is within security 0. I want my internal network to access my DMZ servers but using only acceptable ports, which I will set using an ACL going out the DMZ interface. But I also need my Active Directory and other servers to update my workstations within the inside network.
I have many DMZs/VLANs off my ASA on lower security levels, as the internal is 100 and the internet is 0. However, you don't have to use static NAT; just set up the correct ACLs/ACEs in your required direction and use NAT exempts.
NAT exempt is used when you don't wish to hide/NAT your source address from the other end. This scenario is generally used when you want to pass traffic between two private interfaces where even private addresses are routable and you wish to preserve the source header as it is.
Some pros turn off NAT by using "no nat-control", but some feel that NAT provides extra security. I think this is off in 8.x anyway. So you may find all you need to do is create the rules between your DMZs/VLANs. I say VLANs as it is common to have a switch connected to your ASA/PIX and create sub-interfaces from that which travel off the trunk port to the switch.
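
Added example, not part of the thread: a sketch of the ACL plus NAT-exempt approach described in the replies, for an inside/DMZ pair. It assumes PIX/ASA software earlier than 8.3 (where `nat (if) 0 access-list` is the exemption form) and inside at security level 100 as in the reply; the interface names, addresses, ACL names and ports are all constructed for illustration.

```cisco
! Constructed addressing: inside 192.168.1.0/24, DMZ 10.0.50.0/24
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 10.0.50.1 255.255.255.0
!
! NAT exemption: inside and DMZ hosts see each other's real addresses,
! so no static is needed for DMZ-initiated traffic toward inside
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.0.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! Inside -> DMZ: only the approved service on the DMZ server (constructed: HTTPS)
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 host 10.0.50.10 eq 443
access-list INSIDE_IN extended deny ip 192.168.1.0 255.255.255.0 10.0.50.0 255.255.255.0 log
! Remaining inside traffic (e.g. to the internet) is left open here; tighten as needed
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
!
! DMZ -> inside (lower to higher): must be explicitly permitted.
! One DMZ server, one port (constructed: 445); everything else from the
! DMZ falls through to the implicit deny at the end of the ACL
access-list DMZ_IN extended permit tcp host 10.0.50.10 192.168.1.0 255.255.255.0 eq 445
access-list DMZ_IN extended deny ip any 192.168.1.0 255.255.255.0 log
access-group DMZ_IN in interface dmz
```

The explicit `deny ... log` lines make blocked inside/DMZ attempts visible in syslog, and `show access-list` hit counts confirm which entries are actually being matched.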