Hello, we tried to configure our new 5510 to secure a datacenter configuration in a level-3 static routing+access control configuration.
- external IP is A
- internal network is N, a public network routed through the 5510
- internal IP is B (inside N)
The routing works OK (tested), but we have a problem with the access rules.
We assigned a higher security level to the internal interface; normally it should enable outbound traffic (from N to any) with implicit rules. It does not: there is no traffic unless we add access rules that allow traffic from outside to inside (from any to N, which is the opposite of what it should be!). Of course, we checked several times that we did not mix up cables, inbound and outbound configuration, ...
Re: Basic configuration for datacenter FW with 5510
It's hard to say without seeing the config. However, if you have anything else in the access list for the internal interface, it will remove the implicit rule to allow any traffic to a less secure network.
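The behaviour described in the reply above can be checked against a saved running-config. The following is an added example, not part of the original thread: a small Python audit that reports, per interface, whether an inbound `access-group` has replaced the implicit permit toward lower-security interfaces. The sample config, the ACL name `INSIDE_IN`, the addresses and the function name `audit_implicit_outbound` are constructed for illustration, and only `access-list ... extended` entries are counted.

```python
import re

# Constructed sample (not from the thread): interface names, ACL name and
# addresses are placeholders.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 100
access-list INSIDE_IN extended permit tcp 192.0.2.0 255.255.255.0 any eq 80
access-group INSIDE_IN in interface inside
"""

def audit_implicit_outbound(config):
    """Map each nameif to its level, inbound ACL and what the implicit rule still allows."""
    interfaces, current = [], None
    inbound_acl, permits = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = {"nameif": None, "level": 0}
            interfaces.append(current)
        elif current is not None and (m := re.fullmatch(r"nameif (\S+)", line)):
            current["nameif"] = m.group(1)
        elif current is not None and (m := re.fullmatch(r"security-level (\d+)", line)):
            current["level"] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit ", line):
            permits[m.group(1)] = permits.get(m.group(1), 0) + 1
        elif m := re.fullmatch(r"access-group (\S+) in interface (\S+)", line):
            inbound_acl[m.group(2)] = m.group(1)
    named = [i for i in interfaces if i["nameif"]]
    report = {}
    for i in named:
        acl = inbound_acl.get(i["nameif"])
        lower = sorted(o["nameif"] for o in named if o["level"] < i["level"])
        report[i["nameif"]] = {
            "level": i["level"],
            "inbound_acl": acl,
            # With an inbound ACL bound, only its permit entries pass traffic;
            # everything else hits the implicit deny at the end of the ACL.
            "implicit_permit_to": [] if acl else lower,
            "explicit_permits": permits.get(acl, 0) if acl else 0,
        }
    return report

if __name__ == "__main__":
    print(audit_implicit_outbound(SAMPLE_CONFIG))
```

An interface that shows an `inbound_acl` with an empty `implicit_permit_to` passes only what that ACL explicitly permits, which is the first thing to compare against the traffic that is failing.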