ASA 5510 Interface Communication Help Needed

I need some help in establishing communication between my “inside” interface and a third interface called “test” on an ASA 5510. This third interface called “test” is connected to a WatchGuard Firebox which is acting as a VPN device and has an IP address of 192.168.12.81. I have three interfaces set up on the ASA in the following fashion:

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xx 255.255.255.248

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

interface Ethernet0/2
 nameif test
 security-level 0
 ip address 192.168.12.83 255.255.255.240

The inside interface is able to communicate with the Internet because of this:

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx 1

Can someone please help with the commands which will allow communication from the inside interface to the test interface? No matter what I have tried, it does not work. I can provide any additional information which is required.

1 REPLY 1
Hall of Fame Master

Your inside hosts should be able to communicate with hosts on the test interface network (192.168.12.81-94) by virtue of the implicit rule allowing communication from higher to lower security level. (That would be assuming no more restrictive access-list is in place.)

Depending on how you want things to work, you may also need a global (test) statement to NAT traffic out the test interface, or a NAT exemption statement. The latter would look something like:

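! The exemption is bound to the interface the source hosts sit behind (inside).
! The destination is limited to the test subnet so Internet traffic still matches nat 1.
access-list EXEMPT permit ip 192.168.1.0 255.255.255.0 192.168.12.80 255.255.255.240
nat (inside) 0 access-list EXEMPT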
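
The other option the reply mentions, a global (test) statement, together with checks that apply to either approach. This is an added example in the same pre-8.3 syntax as the thread, not configuration from the original poster or the replier; the sample host 192.168.1.10 and the TCP ports are assumptions.

```cisco
! Why inside -> test fails as posted: "nat (inside) 1 0.0.0.0 0.0.0.0" matches
! every inside source, but only "global (outside) 1 interface" exists. Traffic
! leaving via "test" matches nat 1 and finds no global with ID 1 on that
! interface, so it is dropped and syslog 305005 is logged.

! PAT inside hosts to the test interface address (192.168.12.83).
! The Firebox then only sees 192.168.12.83 and needs no route back to
! 192.168.1.0/24. With NAT exemption instead, the Firebox must have a route
! to 192.168.1.0 255.255.255.0 via 192.168.12.83.
global (test) 1 interface

! Flush existing translations so the new rule is used.
clear xlate

! Confirm which nat/global pairs are configured.
show running-config nat
show running-config global

! Trace a simulated flow toward the Firebox, and one toward the Internet to
! confirm outbound PAT on "outside" is unchanged. Use TCP rather than ping:
! echo replies are only allowed back if ICMP inspection or an ACL permits them.
packet-tracer input inside tcp 192.168.1.10 1025 192.168.12.81 443
packet-tracer input inside tcp 192.168.1.10 1025 8.8.8.8 443

! Check live translations and look for remaining translation failures.
show xlate
show logging | include 305005
```

Because "test" is at security-level 0, the same as "outside", anything the Firebox or its VPN peers initiate toward inside hosts still needs a static or exemption plus an access-list applied to the test interface; the lines above only cover connections opened from inside.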