I am migrating an asa 5520 from 8.2 to 8.3 and after the migration the ACL's are blocking access to the DMZ. It looks like the NAT functions were migrated properly by the migration tool but now when I try to access devices in the DMZ the ACL is denying the traffic because my acls in 8.2 had the NATTED IP, not the real IP in the ACL. Now it looks like 8.3 is looking for the real IP and not the NATTED IP.
Here is an example:
Inside network: 172.24.0.0/24
DMZ server real IP: 22.214.171.124
DMZ server NAT IP 126.96.36.199
so, in 8.2 I would have an ACL on the inside interface that said permit 172.24.0.0/24 to 188.8.131.52 eq 80, 443.
This acl doesn't work in my 8.3 config because it wants:
permit 172.24.0.0/24 to 184.108.40.206 eq 80, 443.
Is this correct for 8.3 or are my NAT rules all messed up after the migration?
Meet the Authors Event - A Cybersecurity Deep Dive with Omar Santos
(Live event – Thursday, January 23rd, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event will have place on Thursday 23rd, January 2020 at 10hrs PDT
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...
Dear Team Suppose we have hundreds of rules in access policy on cisco fmc device. Now I want to fetch all access policy rules in which I have mentioned some specific port number X. Can anyone help me with the process to fetch the same?
Greetings everyone, Happy New Year! I would like to thank you all for making our ISE demos in dCloud a great success!
The ISE instant demo has been in the top 5 of Enterprise demos for a long time now and recently just moved into the #1 and 2 slots...