Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Security zones

Hi,

ASA

Outside zone: Internet (213.132.x.x)

DMZ: 192.168.168.1/24

Inside: 10.0.0.1/24

Router: 10.0.0.254/24

Now I have a route 172.16.1.0/24 on the ASA saying the next-hop for 172.16.1.0/24 is the router ip 10.0.0.254?

Will 172.16.1.0/24 be counted as a high security zone ?

So what my understanding is that a route (172.16.1.0/24) or connected subnet (10.0.0.1/24) ...they are counted as high security zones?

Am I correct? or is it just 10.0.0.0/8 is the high security zone and not 172.16.1.0/24.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Security zones

Hello Kunal,

The ASA will now in order to get to that subnet will need to go into the inside interface wich is the high security zone, so by default is going to be count as a high security network.

Please rate helpful posts.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
1 REPLY

Security zones

Hello Kunal,

The ASA will now in order to get to that subnet will need to go into the inside interface wich is the high security zone, so by default is going to be count as a high security network.

Please rate helpful posts.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
201
Views
0
Helpful
1
Replies
CreatePlease to create content