[c-nsp] ASA Query
Dave Brockman
dave at brockmans.com
Wed Mar 20 17:08:48 EDT 2013
On 3/20/2013 11:05 AM, Muhammad Jawwad Paracha wrote:
> Hello
>
> Three zones/interfaces are used on ASA
>
> Internet - security level 0
> Inside - security level 100 with ipsec configured for vpn clients
> DMZ - security level 100
>
> Traffic from Inside to Internet works fine without ACL.
>
> Traffic from DMZ to Internet works when ACL is applied.
>
> As per my knowledge traffic from higher security zone to lower zone
> is allowed by default.
>
> Please suggest what could be the reason here.
Which ASA platform specifically? A 5505 w/ a base license only has
three VLANs, one of which is restricted to passing traffic to only one
of the two remaining VLANs. Based on your question, I assume you are
having difficulties passing traffic from inside to DMZ. Could you post
a sanitized configuration?

Regards,
dtb