I am having a NAT/ACL problem in my home network after migrating from Zyxel to Cisco.
I used to have a Zywall5 with LAN and DMZ network. The LAN was for my own units and the DMZ was for visitors in my home. On my LAN I had a printserver which DMZ users needed access to sometimes. I just made a firewall rule allowing TCP/515 from DMZ to LAN on the Zywall5 – working fine.
Now I am trying to do the same with my Cisco ASA – and OMG – this is not easy. I have to allow traffic from a VLAN with security level 50 to a VLAN with security level 100 – but only to the printserver.
I am not a CLI expert, so I have been working on this problem in ASDM. I tried many different things suggested by Cisco support documents without any luck. It doesn’t make it easier with Cisco's new NAT concept, as I am on firmware 8.3(1) on my 5505.
I worked a little with ASAs some time ago and I recall NAT exempt, but this doesn’t exist anymore. As I see it, Cisco suggests you make two static NAT rules to do this, and some ACL magic, and this is where I am stuck now.
It should be very simple – I just need traffic (all or just tcp/515) from my 10.20.33.0/24 network to one host (printserver 10.20.30.3) on my 10.20.30.0/24 network.
I have attached a simple network diagram and my running-config from the ASA.
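For reference, the requirement described in the post above, written as an ASA 8.3-style configuration. This is an added example, not part of the original post and not taken from the poster's running-config (which is not reproduced here): the interface names `inside` and `dmz`, the object names, the ACL name and the test client address 10.20.33.10 are assumptions.

```cisco
! Added example. Assumed names: nameif "inside" (10.20.30.0/24, security 100)
! and nameif "dmz" (10.20.33.0/24, security 50). Adjust to the real nameifs.

object network PRINTSERVER
 host 10.20.30.3
object network GUEST-NET
 subnet 10.20.33.0 255.255.255.0

! 8.3 replacement for the old "NAT exempt": an identity (twice) NAT rule.
! Only needed when another NAT/PAT rule on "inside" would otherwise
! translate the print server's traffic towards the dmz network.
nat (inside,dmz) source static PRINTSERVER PRINTSERVER destination static GUEST-NET GUEST-NET

! From 8.3 on, ACLs match the real (untranslated) addresses.
! 1. Guests may reach the print server on TCP/515 (LPD) only.
access-list dmz_access_in extended permit tcp 10.20.33.0 255.255.255.0 host 10.20.30.3 eq 515
! 2. Everything else from guests to the LAN stays blocked.
access-list dmz_access_in extended deny ip 10.20.33.0 255.255.255.0 10.20.30.0 255.255.255.0
! 3. Assumption: guests should keep their outbound access. Once an ACL is
!    bound to the interface, the implicit "higher to lower security level"
!    permit no longer applies, so it has to be stated explicitly.
access-list dmz_access_in extended permit ip 10.20.33.0 255.255.255.0 any

access-group dmz_access_in in interface dmz

! Verification from the ASA itself (10.20.33.10 is a constructed guest address):
! the first should report the flow as allowed, the second as dropped by the ACL.
packet-tracer input dmz tcp 10.20.33.10 1025 10.20.30.3 515
packet-tracer input dmz tcp 10.20.33.10 1025 10.20.30.3 445
```

On an ASA 5505 with the Base license, the third VLAN is restricted from initiating traffic to one other VLAN (`no forward interface vlan`), so it is worth checking `show version` and the VLAN interface configuration before debugging NAT or ACLs further.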