cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


174
Views
0
Helpful
4
Replies
Beginner

ASA Inside to Inside Configuration

Hello All,

 

I have 3 interfaces: outside, inside0, inside1. both inside interfaces routes to outside correctly. I have user A in inside0 and DVR in inside1. I need to allow user A to access DVR in inside1 port 80

 

inside0 = security-level 80

inside1 = security-level 100

 

ASA 5506x 

Cisco Adaptive Security Appliance Software Version 9.8(2)

 

 

Can anyone help?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Master

Re: ASA Inside to Inside Configuration

You applied the ACL to the wrong interface:


@mbowden7 wrote:

@balaji.bandi That didn't work for me! Any other ideas

 

access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7

access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b

access-group INBOUND_DVR in interface outside_COMCAST


It should be applied to inside0 per your initial posting and @balaji.bandi 's recommendation.

4 REPLIES 4
VIP Advisor

Re: ASA Inside to Inside Configuration

You can create ACL below example : ( replace the relevant information as per your environment)

 

access-list DVR_ALLOW permit ip USER_A_IP 255.255.255.0 DVR_IP 255.255.255.0 eq 80
access-group DVR_ALLOW in interface inside1

 

 

BB
*** Rate All Helpful Responses ***
Highlighted
Hall of Fame Master

Re: ASA Inside to Inside Configuration

If they are individual user/device addresses then the subnet mask should be /32 (255.255.255.255).

Beginner

Re: ASA Inside to Inside Configuration

@balaji.bandi That didn't work for me! Any other ideas

 

access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7

access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b

access-group INBOUND_DVR in interface outside_COMCAST

Hall of Fame Master

Re: ASA Inside to Inside Configuration

You applied the ACL to the wrong interface:


@mbowden7 wrote:

@balaji.bandi That didn't work for me! Any other ideas

 

access-list DVR_ALLOW; 1 elements; name hash: 0x648241f7

access-list DVR_ALLOW line 1 extended permit tcp host 10.1.2.100 host 10.1.1.198 eq www (hitcnt=0) 0x2fe0285b

access-group INBOUND_DVR in interface outside_COMCAST


It should be applied to inside0 per your initial posting and @balaji.bandi 's recommendation.