I get that Level 100 is fully trusted, level 0 is fully untrusted, and how you can go from security zone 100 to zone 0, but not the reverse.
However, my old understanding was that once you manually assigned FW rules, the zones became irrelevant. That is, the security zone was superseded by the rule set. I know that was true 5 years ago.
Now, I found out that even if I specifically allow traffic on a rule-set, it won't send/receive if the security zone is 0.
Can someone give me a brain dump (without quoting the obvious stuff from the textbook)?
Not sure if I understand your question correctly.
By default, traffic from a lower security level to a higher security level is not allowed.
But you can make an ACL to allow what you require. If this is not working, send us more information: what device, what version of ASA, and your ACL?
I would prefer to have a look at your config and some logs to understand (I cannot visualise your issue).
Obviously, once you change to the same security level it works, but that is not how it is meant to be as a FW.
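As an added illustration (not code from either poster), here is a simplified Python model of how an ASA decides on a new connection between two interfaces with different security levels: an ACL applied inbound on the ingress interface replaces the level-based default, and the level comparison is used only when no ACL is applied. The class and function names and the addresses are constructed for the example; NAT, same-level interfaces and global ACLs are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Ace:                       # one access-list entry (hypothetical model)
    action: str                  # "permit" or "deny"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    port: Optional[int] = None   # None matches any port

@dataclass
class Interface:
    name: str
    level: int                          # security level, 0..100
    acl_in: Optional[List[Ace]] = None  # None = no ACL applied inbound

def decide(ingress, egress, src, dst, port):
    """Verdict for a NEW connection; return traffic of a permitted
    connection is handled statefully and never reaches this check."""
    if ingress.level == egress.level:
        raise ValueError("same-level interfaces are not modelled")
    if ingress.acl_in is not None:
        # First matching entry wins; the ACL ends with an implicit deny.
        for ace in ingress.acl_in:
            if (ip_address(src) in ip_network(ace.src)
                    and ip_address(dst) in ip_network(ace.dst)
                    and ace.port in (None, port)):
                return ace.action, "matched ACL entry"
        return "deny", "implicit deny at end of ACL"
    if ingress.level > egress.level:
        return "permit", "no ACL: higher to lower level is allowed"
    return "deny", "no ACL: lower to higher level is blocked"

# Constructed sample topology using documentation address ranges.
inside = Interface("inside", 100)
outside = Interface("outside", 0)
WEB = "192.0.2.10"
outside_with_acl = Interface("outside", 0, [Ace("permit", "0.0.0.0/0", WEB + "/32", 443)])
inside_with_acl = Interface("inside", 100, [Ace("permit", "192.0.2.0/24", "0.0.0.0/0", 443)])

if __name__ == "__main__":
    print(decide(outside, inside, "198.51.100.7", WEB, 443))
    print(decide(outside_with_acl, inside, "198.51.100.7", WEB, 443))
    print(decide(outside_with_acl, inside, "198.51.100.7", WEB, 22))
    print(decide(inside_with_acl, outside, "192.0.2.20", "198.51.100.7", 80))
```

The last call shows the side effect that is easy to miss: once an ACL is applied inbound on the level-100 interface, traffic it does not explicitly permit is dropped even though it is heading to a lower level.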