This is my 1st time working with the post 8.4 IOS on the ASA and have a question regarding access lists. My ASA is running ver 8.6 and is configured with 3 interfaces, inside, data and outside. The inside network is for management/monitoring and should always be protected. The data network hosts servers and PCs. All traffic originating from this network destined to the internet should be allowed to pass through the data interface. Right now, I do not have any access-lists or access-groups created on the inside and data interfaces. All computers behind the data interface can access the internet on all protocols as expected.
I have a monitoring server in the inside network that all systems in the data network need to communicate to on tcp port 10000. Once I add an access-list on the data interface, all traffic destined to the internet is blocked.
access-list acl_data permit tcp any host monitoring server eq 10000
How can I ensure that all internet traffic is permitted, while protecting my inside network and allowing servers to communicate with the management server?
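One way to lay out the data-interface ACL so that the monitoring flow is permitted, the rest of the inside network stays protected and everything else is allowed out, as an added example that is not part of the original post. The addresses 10.0.0.0/24 (inside), 10.0.1.0/24 (data) and 10.0.0.10 (monitoring server) are assumed placeholders.

```cisco
! Assumed addressing (placeholders, not taken from the post):
!   inside network  10.0.0.0/24   (management/monitoring, security-level 100)
!   data network    10.0.1.0/24   (servers and PCs, security-level 50)
!   monitoring host 10.0.0.10     (listens on tcp/10000)
!
! The ASA evaluates an ACL top-down, stops at the first match, and ends every
! ACL with an implicit "deny ip any any". An ACL that contains only the
! monitoring permit therefore drops all other traffic leaving the data network,
! which is the symptom described above. Since 8.3 interface ACLs match on the
! real (pre-NAT) addresses, so the inside host's real IP is used here.
!
access-list acl_data remark Data hosts may reach the monitoring server on tcp/10000
access-list acl_data extended permit tcp 10.0.1.0 255.255.255.0 host 10.0.0.10 eq 10000
access-list acl_data remark Anything else towards the inside network is dropped and logged
access-list acl_data extended deny ip 10.0.1.0 255.255.255.0 10.0.0.0 255.255.255.0 log
access-list acl_data remark All remaining traffic (i.e. towards the internet) is allowed
access-list acl_data extended permit ip 10.0.1.0 255.255.255.0 any
!
! Apply the ACL to traffic entering the ASA on the data interface.
access-group acl_data in interface data
!
! Verification: hit counts show which line each flow matched, and packet-tracer
! walks a synthetic packet through the ACL without sending anything.
! show access-list acl_data
! packet-tracer input data tcp 10.0.1.20 12345 10.0.0.10 10000
! packet-tracer input data tcp 10.0.1.20 12345 10.0.0.11 22
! packet-tracer input data tcp 10.0.1.20 12345 203.0.113.10 443
```

The first packet-tracer run should end with an ALLOW on the monitoring line, the second with a DROP on the deny line, and the third with an ALLOW on the final permit.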