Cisco Support Community

ASA traffic flow from high security to low security interface

 

Hi Everyone,

 

ASA: By default, traffic is allowed from a high to a low security interface.

From the ASA, I am telnetting from the inside interface, which has security level 100, to another interface, sales, which has security level 50.

Deny tcp src inside:10.0.0.2/48646 dst sales:10.12.12.2/23 by access-group "inside_access_in" [0xbe9efe96, 0x0]

This only works if I put a rule to allow telnet from inside to sales.

 

Need to know why the traffic flow does not work without an ACL, even though it is flowing from a high to a low security level.

Regards

Mahesh

 

 

Accepted Solutions
Mahesh,

You are correct about the default behavior. BUT there is one very important thing to remember. As soon as you have any access list applied to the high security interface the default behavior is no longer in effect. Instead you will permit only the traffic that is explicitly defined in the access list.

All access lists have an implicit "deny any any" at the end. That's what is blocking your traffic as shown in your log message.
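
Added example, not part of the original posts: ASA CLI commands to confirm that an access-group is bound to the inside interface and to replay the denied flow, followed by a narrowly scoped permit entry. The interface names, ACL name, addresses and ports are taken from the log message in the question; limiting the rule to that single host pair is an assumption.

```cisco
! Confirm which ACL is bound to the inside interface. Once any ACL is
! applied here, the high-to-low security-level default no longer applies.
show running-config access-group

! List the entries and their hit counts. The implicit deny at the end
! is not displayed, but it matches everything not permitted above it.
show access-list inside_access_in

! Replay the flow from the log message. The ACCESS-LIST phase of the
! trace shows which rule decides the packet.
packet-tracer input inside tcp 10.0.0.2 48646 10.12.12.2 23

configure terminal
 ! Assumption: permit only the host pair and port seen in the log,
 ! rather than opening all traffic from inside to sales.
 ! The entry is appended at the end of the ACL; if an earlier explicit
 ! deny already matches this flow, insert it with "line <n>" instead.
 access-list inside_access_in extended permit tcp host 10.0.0.2 host 10.12.12.2 eq telnet
end

! Re-run the trace to verify the result after the change.
packet-tracer input inside tcp 10.0.0.2 48646 10.12.12.2 23
```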

Hi Marvin,

I was trying to find the answer for this and it was puzzling me, and you replied back. Learned something very important from you today.

Best regards

Mahesh

 

 

 

 

 
