02-06-2011 04:06 AM - edited 03-11-2019 12:45 PM
hi folks
I wanna let some users access outside application through the firewall, so what is the proper config for that?
inside (sec 100)
outside (sec 0)
so will the access-group be applied in the in direction on the outside or the out direction on the inside interface?
02-06-2011 06:13 AM
By default, the adaptive security appliance allows traffic to flow freely from an inside network (higher security level) to an outside network (lower security level). Since ASA is a stateful firewall, the return traffic will be allowed automatically. So, you don't need to configure any ACL/access-group if you just would like to allow traffic from inside to outside.
You need to configure NAT to translate internal private IP to a public IP.
02-06-2011 06:29 AM
Hi Friend
It didn't work until I added the below command
access-list outside_in permit tcp <172.40.4.0 255.255.255.0>
and this access-group is already applied on outside in the in direction
access-group outside_in in inter outside
02-06-2011 06:47 AM
access-list outside_in permit tcp <172.40.4.0 255.255.255.0>
The above ACL will allow 172.40.4/24 to initiate inbound traffic to your partner network on port TCP 443 from low security interface (outside).
Yes, if the traffic is initiated from low security side to high security side, you must use ACL to permit it on low security interface.
I thought you were asking for allowing traffic from high security side to low security side.
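Added example, not part of any post in this thread: a simplified Python model of the behaviour the replies describe, showing which packets pass on security level alone, which pass as return traffic of an existing connection, and which need an ACL on the outside interface. The 172.40.4.0/24 source and TCP 443 come from the thread; every other address and port is constructed, the `Firewall` class is hypothetical, and NAT is not modelled.

```python
# Simplified model of ASA interface policy (added example, not ASA code).
from ipaddress import ip_address, ip_network

SEC_LEVEL = {"inside": 100, "outside": 0}  # security levels from the thread

class Firewall:
    def __init__(self):
        self.acl_in = {}    # interface -> [(proto, src_net, dst_net, dport)]
        self.conns = set()  # connection table, keyed by 5-tuple

    def access_group_in(self, iface, rules):
        """Model of binding an ACL inbound on an interface."""
        self.acl_in[iface] = rules

    def _acl_permits(self, iface, proto, src, dst, dport):
        for r_proto, r_src, r_dst, r_dport in self.acl_in[iface]:
            if (proto == r_proto and dport == r_dport
                    and ip_address(src) in ip_network(r_src)
                    and ip_address(dst) in ip_network(r_dst)):
                return True
        return False        # implicit deny at the end of every ACL

    def packet(self, ingress, egress, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if flow in self.conns or reverse in self.conns:
            return "permit (existing connection)"  # stateful return path
        if ingress in self.acl_in:                 # an ACL replaces the default
            ok, why = self._acl_permits(ingress, proto, src, dst, dport), "ACL"
        else:                                      # default: high -> low only
            ok, why = SEC_LEVEL[ingress] > SEC_LEVEL[egress], "security level"
        if ok:
            self.conns.add(flow)
        return f"{'permit' if ok else 'deny'} ({why})"

def demo():
    fw, out = Firewall(), []
    # Inside user opens HTTPS to an outside server (constructed addresses).
    out.append(fw.packet("inside", "outside", "tcp", "10.1.1.10", 40000, "203.0.113.5", 443))
    # The server's reply matches the connection table, so no ACL is consulted.
    out.append(fw.packet("outside", "inside", "tcp", "203.0.113.5", 443, "10.1.1.10", 40000))
    # A partner host initiates from outside with no ACL bound yet.
    out.append(fw.packet("outside", "inside", "tcp", "172.40.4.20", 50000, "10.1.1.50", 443))
    # Bind an inbound ACL on outside; 10.1.1.50 is a constructed destination.
    fw.access_group_in("outside", [("tcp", "172.40.4.0/24", "10.1.1.50/32", 443)])
    out.append(fw.packet("outside", "inside", "tcp", "172.40.4.20", 50000, "10.1.1.50", 443))
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```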