Cisco Support Community
Starting inbound sessions from the directly connected outside subnet

Hi, I recall from the PIX days that inbound sessions were not permitted from a host directly connected into the subnet assigned to the outside interface on the firewall.

I have been asked to advise on a test setup, where we need to test inbound sessions, and it was proposed that the test host be placed in the outside subnet. I suggested that we have a router connected to the outside subnet, but some decided it's too complex!

Does this restriction apply to ASA running 8.x code?

1 ACCEPTED SOLUTION

Hi,

I am not sure I am aware of the limitation you mention. Then again, I haven't really been in touch with PIXs other than the few that still are in some networks.

I did a quick test for my home ASA running 8.4(5).

I made a Static NAT for my internal network's router and allowed a management connection from the ISP core, and logged in to the core device and attempted the management connection, and it worked just fine. The source IP address for the management connection is from the directly connected subnet between the core and my ASA, and the destination IP address was also an IP address from that same subnet.

So any such limitation should not be present.

- Jouni

2 REPLIES
Wow, thanks for quick reply Jouni!

That answers my question.
