If I have a DMZ (security 10) that I want to put a single appliance in, and I will only be accessing the device from an inside Interface (security) on port 80, I am thinking I don't need an inboud acl on the DMZ interface.
Or, do I have to have one and just have "deny any any" on the acl?
There will never be any access from this appliance to the DMZ anywhere else. I only need to get to it on port 80 from inside.
Thanks for the reply, I have a nother question that I was wondering also:
I didn't set this up and wouldnt have done it this way, but:
The inside interface is on an isolated interface with a security level of 100.
There is a second interface set up on one of the physical interfaces (not the "inside" interface), and it is located on the inside network as well.
This interface is set up with several logical interfaces and they each have a security level of 100. When I attempt to change the security level of one of the logical interfaces, I get a warning that says:
"Changing the security level of an interface may cause the ASA configuration to become invalid, causing the ASA to drop legal traffic, or allow illegal traffic to pass through. Do you wish to proceed?"
Is this a default warning, and should I be able to change the security level on one logical interface, without affecting the other logical interfaces on the physical interface. I believe I can, but just checking.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :