I need advice on how to access the inside from the DMZ. I think I get problems with the security when testing different solutions. I would like a safe solution to access the inside from the DMZ, not opening any security hole. The firewall is an ASA 5520 ver 7.04.
description Inside interface
ip address 18.104.22.168 255.255.255.0
description DMZ interface
ip address 22.214.171.124 255.255.255.0
access-list Inside_access_in extended permit ip any any
Thanks for your reply. Question! I would like to know how the access-list should be configured when all hosts on the DMZ should reach the internet, for example. I have to apply http for this to work, but then all the hosts on the DMZ get access to the inside with http at the same time. This is the problem: when I give the hosts on the DMZ access to the outside, they also get access to the inside. /regards
One last question! I wonder if there is a better way to do this, because it will probably be a lot of access-lists. I don't think this problem exists in the PIX? Well, if there is no other solution I will configure it as you explained. /Regards
You can probably think of configuring "object groups". By doing this, you can identify and collate access-lists to form logical groups. This will anyway not reduce the ACLs, but can give you better control of the ACLs and easier management.
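An added example, not taken from any post in this thread: an ASA 7.x ACL for the DMZ interface that uses object groups and places the deny toward the inside network before the http permit, because the ASA evaluates entries top-down and stops at the first match. The interface name `DMZ`, the ACL name `DMZ_access_in`, the group names, and the /24 subnets (derived from the interface addresses in the question) are assumptions.

```cisco
! Added example. Names (DMZ, DMZ_access_in, INSIDE_NETS, DMZ_HOSTS, WEB_PORTS)
! are assumptions; subnets are derived from the interface addresses posted above.
object-group network INSIDE_NETS
 network-object 18.104.22.0 255.255.255.0
object-group network DMZ_HOSTS
 network-object 22.214.126.0 255.255.255.0
object-group service WEB_PORTS tcp
 port-object eq www
!
! Weak form (shown commented out): "any" as destination also matches the
! inside network, so DMZ hosts reach inside hosts on http as well.
! access-list DMZ_access_in extended permit tcp any any eq www
!
! Corrected form:
! 1. Any narrowly scoped DMZ-to-inside exception goes first (placeholders):
! access-list DMZ_access_in extended permit tcp host <dmz-host> host <inside-server> eq <port>
! 2. Block everything else from the DMZ to the inside.
access-list DMZ_access_in extended deny ip any object-group INSIDE_NETS
! 3. Only then allow DMZ hosts out on http; any other destination is the outside.
access-list DMZ_access_in extended permit tcp object-group DMZ_HOSTS any object-group WEB_PORTS
! Everything not matched above is dropped by the implicit deny at the end.
access-group DMZ_access_in in interface DMZ
```

`show access-list DMZ_access_in` lists the expanded entries with hit counts, which shows whether traffic is matching the deny or the permit. New inside subnets or web ports are added to the object groups rather than as extra ACL lines.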