Hi all. My Cisco ASA5510 has 3 interfaces: DMZ, internal, external. When I use the ASDM to define an access list to allow any traffic from DMZ to external, I can see that it not only allows access to external but also to my internal, although I specifically state external in the GUI. Why is this so? I specifically state a rule which removes the default implicit rule because I also need to create some rules to allow some DMZ servers to access my specific internal servers. Thanks in advance.
wenbin, your statement is rather confusing. marwanshawi is right; do consider the security level thing while designing.
From inside to (DMZ or external), there is no need to add any access-list (access from a higher security zone to a lower security zone is allowed) unless you want to block access of internal users going to the DMZ or external.
The same goes for the DMZ: from DMZ to external, traffic is allowed by default, but from DMZ to internal you need to define access-lists (going higher security zone to lower).
Make sure that you are using the predefined security levels (internal=100, DMZ=50, external=0) to avoid any confusion.
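The security-level reasoning in the reply above, as an added configuration example that is not from the thread or from Cisco (interface names, addresses, the DMZ_IN ACL name and the 10.0.0.20 database host are assumed placeholders). It shows why a "permit any" applied inbound on the DMZ interface also reaches inside, and how to order the entries so that only specific internal hosts are reachable from the DMZ:

```cisco
! Added example (not from the thread): ASA security levels and a DMZ ACL.
! Interface names, addresses and object names are assumed placeholders.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.10.1 255.255.255.0
!
! An ACL applied "in" on the dmz interface is checked against every packet
! entering from the DMZ, whatever interface it will leave by. Once it is
! applied, the implicit "lower security level is reachable" rule no longer
! applies to dmz: anything not explicitly permitted is dropped. Entries are
! evaluated top-down, so: permit the specific inside hosts first, then deny
! the rest of the inside network, then permit everything else (outside).
object network DMZ_NET
 subnet 192.168.10.0 255.255.255.0
object network INSIDE_NET
 subnet 10.0.0.0 255.255.255.0
object network INSIDE_DB
 host 10.0.0.20
!
access-list DMZ_IN extended permit tcp object DMZ_NET object INSIDE_DB eq 1433
access-list DMZ_IN extended deny ip object DMZ_NET object INSIDE_NET
access-list DMZ_IN extended permit ip object DMZ_NET any
!
access-group DMZ_IN in interface dmz
!
! Verify what the ACL really matches before trusting it:
! show access-list DMZ_IN            (per-entry hit counts)
! packet-tracer input dmz tcp 192.168.10.5 12345 10.0.0.30 80   (should be dropped)
```

Without the explicit deny entry, a single "permit ip object DMZ_NET any" is exactly what the ASDM rule in the question produces: it matches inside destinations as well as outside ones.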