ASA Inside to Inside Configuration

mbowden7
Level 1

Hello All,

 

I have 3 interfaces: outside, inside0, inside1. Both inside interfaces route to outside correctly. I have user A in inside0 and a DVR in inside1. I need to allow user A to access the DVR in inside1 on port 80.

 

inside0 = security-level 80

inside1 = security-level 100

 

ASA 5506x 

Cisco Adaptive Security Appliance Software Version 9.8(2)

 

 

Can anyone help?

Accepted Solutions

You applied the ACL to the wrong interface:


@mbowden7 wrote:

@balaji.bandi That didn't work for me! Any other ideas?

 

access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7

access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b

access-group INBOUND_DVR in interface outside_COMCAST


It should be applied to inside0 per your initial posting and @balaji.bandi's recommendation.
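
An offline check for the mismatch diagnosed in this thread, added here as an example (not code from any poster or from Cisco): it parses pasted access-list and access-group lines and reports ACLs that have no binding in the output, are bound inbound on an interface other than the one the source host sits behind, or have never matched traffic. The subnets in INTERFACES are assumptions, since the thread does not give them.

```python
import ipaddress
import re

# Constructed input: the three lines the asker pasted in this thread.
SAMPLE = """\
access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7
access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b
access-group INBOUND_DVR in interface outside_COMCAST
"""

# Assumption: interface subnets are not stated in the thread; these /24s are illustrative.
INTERFACES = {"inside0": "10.1.2.0/24", "inside1": "10.1.1.0/24"}

# Only "host <src>" entries are handled, which is the form shown in the thread.
ACE = re.compile(r"^access-list (\S+) line \d+ extended (?:permit|deny) \S+ host (\S+) .*\(hitcnt=(\d+)\)")
GROUP = re.compile(r"^access-group (\S+) (in|out) interface (\S+)")

def ingress_interface(src, interfaces):
    """Return the interface whose subnet contains src, or None."""
    addr = ipaddress.ip_address(src)
    for name, net in interfaces.items():
        if addr in ipaddress.ip_network(net):
            return name
    return None

def audit(text, interfaces):
    """Return a list of findings about ACL-to-interface bindings in the pasted output."""
    aces, bindings, findings = [], {}, []
    for line in text.splitlines():
        if m := ACE.match(line.strip()):
            aces.append((m[1], m[2], int(m[3])))
        elif m := GROUP.match(line.strip()):
            bindings.setdefault(m[1], []).append((m[2], m[3]))
    defined = {acl for acl, _, _ in aces}
    for acl in bindings:
        if acl not in defined:
            findings.append(f"access-group binds {acl}, which is not among the ACLs shown")
    for acl, src, hits in aces:
        want = ingress_interface(src, interfaces)
        bound_in = [iface for direction, iface in bindings.get(acl, []) if direction == "in"]
        if not bound_in:
            findings.append(f"no access-group shown for {acl}; expected 'in interface {want}'")
        elif want not in bound_in:
            findings.append(f"{acl} is bound in on {bound_in}, but {src} enters via {want}")
        if hits == 0:
            findings.append(f"{acl} entry for {src} has hitcnt=0: no traffic has matched it")
    return findings
```

Run on the asker's paste, audit(SAMPLE, INTERFACES) returns three findings: the bound ACL name differs from the one defined, DVR_ALLOW has no binding on inside0, and its hit count is zero.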

4 Replies

balaji.bandi
Hall of Fame

You can create an ACL as in the example below (replace the relevant information as per your environment):

 

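! "eq 80" requires tcp (not ip); bind inbound on the interface user A sits behind (inside0)
access-list DVR_ALLOW extended permit tcp USER_A_IP 255.255.255.0 DVR_IP 255.255.255.0 eq 80
access-group DVR_ALLOW in interface inside0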

 

 

BB

***** Rate All Helpful Responses *****


If they are individual user/device addresses then the subnet mask should be /32 (255.255.255.255).

@balaji.bandi That didn't work for me! Any other ideas?

 

access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7

access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b

access-group INBOUND_DVR in interface outside_COMCAST

