https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342945#M343312 <HTML><HEAD></HEAD><BODY><P>Sure <SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/wink.gif"></SPAN></P></BODY></HTML> Mon, 09 Sep 2013 22:56:56 GMT Antonio Simoes 2013-09-09T22:56:56Z https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342939#M343300 <P>Hi,</P><P></P><P>Can anyone awnser this questions?</P><P></P><P><SPAN style="font-size: 10pt;"> </SPAN></P><OL><LI><SPAN style="font-size: 10pt;">What I have to do to:</SPAN><OL></OL><OL><LI><SPAN style="font-size: 10pt;">Allow only traffic http/https from the inside to dmz</SPAN></LI><LI>Allow only traffic http/https from the dmz to inside</LI></OL></LI></OL><P><SPAN style="line-height: 0px; font-size: 10pt;"> </SPAN></P><OL><LI>How can I simulate inspected retrurning traffic in packet tracer?&nbsp; Otherwise I never know if it will be allowed to return.</LI></OL><P></P><P>Kind regards,</P><P></P><P>AS</P><P><SPAN style="line-height: 0px; font-size: 10pt;"> </SPAN></P> Tue, 12 Mar 2019 02:35:53 GMT https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342939#M343300 Antonio Simoes 2019-03-12T02:35:53Z https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342940#M343301 <HTML><HEAD></HEAD><BODY><P>Hello Antonio,</P><P></P><P>For this particular traffic (HTTP, HTTPS) there will be only one session or data channel so with a regular packet-tracer you will be able to determine whether the returning traffic will be allowed or not.</P><P></P><P>An example would be with ICMP (without the stateful inspection you will see a drop on the packet-tracer.. It points to an ACL issue I think).</P><P></P><P>What I will provide you is a really useful command that not all of the people is aware of:</P><P></P><P><STRONG>show service-policy flow tcp host x.x.x.x host x.x.x.x eq 80</STRONG></P><P></P><P>You will be seeing if a policy inspection or parameter is matched <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN></P><P></P><P><SPAN>For more information about Core and Security Networking follow my website at </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR /><SPAN>Any question contact me at </SPAN><A class="jive-link-email-small" href="mailto:jcarvaja@laguiadelnetworking.com">jcarvaja@laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura</P></BODY></HTML> Mon, 09 Sep 2013 18:40:01 GMT https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342940#M343301 Julio Carvajal 2013-09-09T18:40:01Z https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342941#M343304 <HTML><HEAD></HEAD><BODY><P>Hi J,</P><P></P><P>I´m confuse about one situation. In on of my branch companies, I have conected to my ASA inside port a ISR 2911/K9, doing router on the stick to my vlan´s. But now I have do conect a service on the main office. So I will do a Site-to-Site VPN on the ASA. But the local network is on of my vlans.</P><P></P><P>So what will happen, I do the VPN and the ASA Route the traffic to the ISR and vice versa?</P><P></P><P>Kind Regards,</P><P></P><P>AS</P></BODY></HTML> Mon, 09 Sep 2013 22:37:23 GMT https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342941#M343304 Antonio Simoes 2013-09-09T22:37:23Z https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342942#M343305 <HTML><HEAD></HEAD><BODY><P>Hello Antonio,</P><P></P><P>Exactly, You build the VPN between the ASA and the other site and the ASA routes and encrypts the traffic properly <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN></P><P></P><P><SPAN>For more information about Core and Security Networking follow my website at </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR /><SPAN>Any question contact me at </SPAN><A class="jive-link-email-small" href="mailto:jcarvaja@laguiadelnetworking.com">jcarvaja@laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura</P></BODY></HTML> Mon, 09 Sep 2013 22:43:01 GMT https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342942#M343305 Julio Carvajal 2013-09-09T22:43:01Z https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342943#M343307 <HTML><HEAD></HEAD><BODY><P>Hi J</P><P></P><P>Ok. Two days from now I will test it.</P><P></P><P>Take care man.</P><P></P><P>AS</P></BODY></HTML> Mon, 09 Sep 2013 22:49:42 GMT https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342943#M343307 Antonio Simoes 2013-09-09T22:49:42Z https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342944#M343309 <HTML><HEAD></HEAD><BODY><P>Hello Antonio,</P><P></P><P>Sure, keep me posted!</P><P></P><P><SPAN>For more information about Core and Security Networking follow my website at </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR /><SPAN>Any question contact me at </SPAN><A class="jive-link-email-small" href="mailto:jcarvaja@laguiadelnetworking.com">jcarvaja@laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura</P></BODY></HTML> Mon, 09 Sep 2013 22:52:12 GMT https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342944#M343309 Julio Carvajal 2013-09-09T22:52:12Z https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342945#M343312 <HTML><HEAD></HEAD><BODY><P>Sure <SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/wink.gif"></SPAN></P></BODY></HTML> Mon, 09 Sep 2013 22:56:56 GMT https://community.cisco.com/t5/network-security/nat-access-rules-n-traffic-inspection/m-p/2342945#M343312 Antonio Simoes 2013-09-09T22:56:56Z