11-29-2012 03:42 AM - edited 03-11-2019 05:29 PM
Hi,
I am using a Cisco ASA 5505 between my two networks.
1) I want 192.168.1.0/24 LAN users to be able to access the 172.16.1.0/24 network, but 172.16.1.0/24 can't access the 192.168.1.0/24 network.
2) What will the interface nameif or security level be?
3) What access list should be configured?
4) What IP route should be used?
Please find the topology below.
11-29-2012 03:50 AM
The basics of the firewall: higher security level to lower security level is always allowed and no ACL is required, but when trying to access from lower to higher, an ACL is a must.
Both interfaces, if on the same box, will come as connected.
You can have two interfaces; on the interface configured with 192.x.x.x, set the SL a little higher and you should be good.
Thanks
Ajay
11-30-2012 07:57 AM
Hi Ajay,
SL means security level, right?
You mean I need to use an ACL to deny 172.X.X.X access to the 192.X.X.X network, right?
Regards
Suhas
11-30-2012 08:58 AM
By default there's an implicit allow any rule for high SL to low SL. So at the bare minimum:
Make ASA interface (whatever gateway address you're using) on the 172.16.1.0/24 network SL 50
Make ASA interface (whatever gateway address you're using) on the 192.168.1.0/24 network SL 75
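The setup discussed in this thread, written out as an added ASA 5505 configuration sketch (not posted by any participant). The gateway addresses, VLAN numbers, port assignments, `nameif` names and the ACL name are assumptions; the security levels 75 and 50 are the ones suggested above. It also assumes no NAT rules are configured between the two interfaces and that the default `global_policy` is present.

```cisco
! --- 192.168.1.0/24 side: higher security level (75) ---
interface Vlan1
 nameif lan192
 security-level 75
 ip address 192.168.1.1 255.255.255.0
!
! --- 172.16.1.0/24 side: lower security level (50) ---
interface Vlan2
 nameif lan172
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
! ASA 5505 ports are switchports; bind each to its VLAN (assumed ports)
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
! Routing: both subnets are directly connected to the ASA, so no
! "route" statement is needed. Hosts use the ASA interface address
! on their own subnet as default gateway.
!
! ACL: none is required. lan192 -> lan172 (75 -> 50) is allowed by the
! implicit rule and replies return through the stateful connection table.
! New connections lan172 -> lan192 (50 -> 75) are dropped by default.
!
! Optional: make the block explicit so denied attempts are logged.
access-list LAN172_IN extended deny ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 log
access-group LAN172_IN in interface lan172
!
! ICMP is not inspected by default, so ping replies from 172.16.1.0/24
! would be dropped as unsolicited lower-to-higher traffic. Enable ICMP
! inspection if ping from 192.168.1.0/24 should work.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Verify with:
!   show nameif
!   show access-list LAN172_IN
!   packet-tracer input lan172 tcp 172.16.1.10 12345 192.168.1.10 80
```

The `packet-tracer` line uses constructed host addresses; its result should show the flow dropped, while the same test from `lan192` toward 172.16.1.0/24 should show it allowed.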