To send traffic between 2 subnets, does it need just an ACL or NATing too?

Dear experts, hello,

I'd like to ask you: if we have two subnets, each connected to a specific Ethernet interface on the ASA,

for example:

10.0.0.0/24 connected to E0/1

and

10.0.1.0/24 connected to E0/2

The question is: if I want to let the hosts of subnet 10.0.0.0/24 connect to the hosts on 10.0.1.0/24, can I create only an ACL to permit that,

or do I have to create NATing besides the permit ACL?

Thanks a lot for your help

labib

Accepted Solutions

Re: to sending traffic between 2 subnets, does it needs just a A

Hi,

The answer depends on the security level of the interfaces.

From high security to low security, you don't need an ACL for TCP/UDP traffic.

From low security to high, you require an ACL.

Whether you need NAT or not depends on whether you have NAT control enabled or disabled (nat-control).

If you have nat-control enabled, then you need a NAT rule to pass the traffic; otherwise traffic can flow without NAT.

Federico.
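
The answer's rules applied to the two subnets from the question, as an added example that is not part of the original posts. It assumes pre-8.3 ASA syntax (where `nat-control` exists); the interface names, security levels, interface addresses, ACL name and permitted port are illustrative assumptions.

```cisco
! Added example; nameif values, security levels, .1 addresses,
! the ACL name and the permitted port are assumptions.
interface Ethernet0/1
 nameif net_a
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif net_b
 security-level 50
 ip address 10.0.1.1 255.255.255.0
!
! High -> low (net_a to net_b): TCP/UDP is allowed without an ACL.
! Low -> high (net_b to net_a): must be permitted explicitly.
! Permit only the service that is needed rather than "ip any any".
access-list NET_B_IN extended permit tcp 10.0.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 443
access-group NET_B_IN in interface net_b
!
! With nat-control enabled, a NAT rule must match the traffic.
! An identity static keeps the 10.0.0.0/24 addresses unchanged.
nat-control
static (net_a,net_b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
!
! Alternative: disable nat-control and omit the static above.
! no nat-control
```

An ACL applied with `access-group` ends in an implicit deny, so anything from 10.0.1.0/24 that is not listed in it is dropped at that interface.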
