Facing an issue here and need some expert know-how....
I have several interfaces on my ASA, which is also connected with S2S to the HQ office...
I have 3 /24 subnets heavily subnetted in between interfaces and have a collapsed core as well, so anything other than playing with ACLs is out of the question.
So the subnet in question is attached to one of the ASA's interfaces (nameif:public_NAT) and has a 10.y.x.z/29 address (private); I have 3 servers on it. I use static 1-1 NAT to each server from the external range that I have with my ISP (can't route it in as the ISP is being ...@#$@D#F).
Now the requirement I have is to allow access to all 3 servers, but only by using their external globally routed NATs, and to block any access to their private IP addresses.
Question is: can I use an "outbound" ACL on the public_NAT interface saying - deny ip any to the private IP addresses of the servers inside that subnet,
and then allow on other interfaces to the external IPs residing on the WAN interface of the firewall?
Also, with S2S, if that subnet is part of a larger encryption domain, will my only choice be to remove that /29 subnet from the encr. domain ACL?