Hello,
I have a request from a customer to allow a server on the inside network (192.168.1.203) access to the "learning network" 10.10.10.0/24 over a specific set of ports. Here is the current ACL that allows traffic from the DMZ to the Inside network:

access-list learning_access_in extended permit icmp 10.10.10.0 255.255.255.0 any
access-list learning_access_in extended permit ip 10.10.10.0 255.255.255.0 any
access-list learning_access_in extended permit tcp 10.10.10.0 255.255.255.0 any
access-list learning_access_in extended permit tcp 10.10.10.0 255.255.255.0 any eq www
access-list learning_access_in remark Allow access to mmgi-apps
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7725
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7751
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7752
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7753
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7725
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7751
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7752
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7753

However, the application is still unable to access desktops using the core application from the Inside network to the DMZ. I was under the assumption that lower-security networks by default would allow higher ones to access the networks.

interface Ethernet0/1
description ** Inside Network **
nameif inside
security-level 100
ip address 192.168.1.1 255.255.254.0
!
!
interface Ethernet0/2.7
vlan 25
nameif learning
security-level 25
ip address 10.10.10.254 255.255.255.0
!
access-list inside extended permit tcp host 192.168.0.25 any eq smtp
access-list inside extended deny tcp any any eq smtp
access-list inside remark To allow the website "Timothysmithnetwork.org"
access-list inside extended permit tcp any host xxx.xxx.xxx.xxx eq www
access-list inside extended permit ip any any
Thanks for any help.
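
An added example, not part of the original post: a short Python check of the learning_access_in list for entries that an earlier, broader entry already covers (an extended ACL is evaluated top-down and the first match wins). The function names are hypothetical, and the comparison is purely syntactic: port names such as www are treated as opaque strings.

```python
import ipaddress
# learning_access_in, copied from the post above
ACL = """\
access-list learning_access_in extended permit icmp 10.10.10.0 255.255.255.0 any
access-list learning_access_in extended permit ip 10.10.10.0 255.255.255.0 any
access-list learning_access_in extended permit tcp 10.10.10.0 255.255.255.0 any
access-list learning_access_in extended permit tcp 10.10.10.0 255.255.255.0 any eq www
access-list learning_access_in remark Allow access to mmgi-apps
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7725
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7751
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7752
access-list learning_access_in extended permit tcp any host 192.168.1.203 eq 7753
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7725
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7751
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7752
access-list learning_access_in extended permit udp any host 192.168.1.203 eq 7753
"""

def take_addr(tok):
    # consume one address spec from the token list: any | host A.B.C.D | NET MASK
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[2] != "extended":  # skips remark lines
            continue
        rest = tok[5:]
        src, dst = take_addr(rest), take_addr(rest)
        port = rest[1] if rest[:1] == ["eq"] else None
        rules.append((tok[3], tok[4], src, dst, port))
    return rules

def covers(a, b):
    # True when every packet rule b matches is also matched by rule a
    return (a[1] in ("ip", b[1]) and b[2].subnet_of(a[2])
            and b[3].subnet_of(a[3]) and a[4] in (None, b[4]))

def shadowed(rules):
    # (later, earlier) pairs: first match wins, so the later rule never fires
    return [(i, j) for i in range(len(rules)) for j in range(i)
            if covers(rules[j], rules[i])]

print(shadowed(parse(ACL)))  # zero-based indices into parse(ACL)
```

For the list as posted, the two tcp entries sourced from 10.10.10.0/24 are reported as covered by the earlier permit ip entry, which already admits all IP traffic from that subnet to any destination.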