access-list on asa

cfajardo1_2 — Mon, 11 Mar 2019 09:08:01 GMT

i have an asa 5510 which suppose to have the following rules

1. part of the inside users should be able to access the internet.

2. part of the inside users should be able to access a network on the DMZ

3. Part of the inside users should be able to access both the DMZ and the internet.

both http and https should be available on both outside and the dmz.

iam attaching a table which will explain my conventions used in my below config

access-list acl_inside permit ip group AC any

access-list acl_lanX permit ip group BC lan_X

access-group acl_inside in interface inside

nat (inside) 3 access-list acl_lanX

nat (inside) 1 0 0

global (outside) 1 192.168.1.1-192.168.1.250

global (dmz) 3 192.168.2.1-192.168.2.250

with this config, users INSIDE_A cannot access lan_X

I dont know why.

any help and suugestions will be appreciated

thanks

Re: access-list on asa

a.kiprawih — Wed, 13 Dec 2006 00:55:51 GMT

I assumed your ?group AC? has INSIDE_A & INSIDE_ C users, and access for this group from Inside to DMZ?s Lan_X is controlled by ?acl_inside?.

BTW, can user from INSIDE_C access Lan_X?

What?s the acl_inside entries and object-group for ?group AC? looks like?

HTH