Cisco Support Community

New Member

security levels

Is an ACL required even for high level to low level int access when nat 0, like nat (dmz) 0 0.0.0.0 0.0.0.0, is used?

3 REPLIES
Cisco Employee

Re: security levels

No. Access from higher->lower is allowed with just a nat/global pair, a static, or a "nat 0" statement like you have.

Access from lower->higher requires a static and an ACL.

New Member

Re: security levels

But I am able to see an ACL for high to low level access when nat 0 is used.

Silver

Re: security levels

NAT does not have anything to do with ACLs.

High to low is always allowed unless an ACL is applied to the interface that restricts traffic.

Low to high is always denied unless an ACL is applied to the interface that allows the traffic or the traffic is a response to an initiated session.
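
The rules stated in the replies above, as a simplified model added here (not part of the original thread and not Cisco code). It covers only security levels, interface ACLs and stateful replies, and leaves out the nat/static requirement mentioned in the first reply; the class names, interface levels and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Interface:
    level: int                       # security level, 0 (least trusted) to 100
    acl_in: Optional[list] = None    # entries (action, src, dst, port); None = no ACL applied

@dataclass
class Firewall:
    ifaces: dict
    conns: set = field(default_factory=set)   # state table of permitted flows

    def check(self, in_if, out_if, src, dst, port):
        """Decide a packet entering in_if towards out_if; returns (allowed, reason)."""
        # Replies to a session the firewall already permitted pass statefully.
        if (out_if, in_if, dst, src, port) in self.conns:
            return True, "reply to initiated session"
        acl = self.ifaces[in_if].acl_in
        if acl is not None:
            verdict = (False, "implicit deny at end of ACL")
            for action, a_src, a_dst, a_port in acl:       # first match wins
                if a_src in (src, "any") and a_dst in (dst, "any") and a_port in (port, "any"):
                    verdict = (action == "permit", f"ACL {action}")
                    break
        elif self.ifaces[in_if].level > self.ifaces[out_if].level:
            verdict = (True, "high to low, no ACL applied")
        else:
            verdict = (False, "low to high, no ACL applied")
        if verdict[0]:
            self.conns.add((in_if, out_if, src, dst, port))
        return verdict

def demo():
    # Constructed topology and documentation-range addresses, not taken from the thread.
    fw = Firewall({"inside": Interface(100), "dmz": Interface(50), "outside": Interface(0)})
    web, client = "192.0.2.10", "198.51.100.7"
    r = {}
    r["dmz_out"] = fw.check("dmz", "outside", web, client, 443)
    r["reply"] = fw.check("outside", "dmz", client, web, 443)
    r["unsolicited"] = fw.check("outside", "dmz", client, web, 80)
    # An ACL applied inbound on the lower interface opens low to high access.
    fw.ifaces["outside"].acl_in = [("permit", "any", web, 80)]
    r["published"] = fw.check("outside", "dmz", client, web, 80)
    # An ACL applied on the higher interface replaces the default high to low permit.
    fw.ifaces["dmz"].acl_in = [("permit", web, "any", 53)]
    r["dmz_restricted"] = fw.check("dmz", "outside", web, "203.0.113.5", 25)
    return r
```

The last case matches what the original poster observed: an ACL can appear on a higher-security interface, and once applied it restricts traffic that would otherwise pass by default.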
