06-05-2015 08:00 AM - edited 03-11-2019 11:03 PM
Hi
I was trying to configure an access rule to allow all internal users internet access on an ASA 9.3 using ASDM. I don't want to use the default security levels as I will be adding other rules for specific access.
I configured a rule on the Inside IN interface to allow any source, to destination Outside interface on HTTP & HTTPS. I've configured the NAT as well. When I try running packet tracer, the trace fails on access rule.
When I select destination as the outside subnet then I can only get to the outside subnet and not the internet. I may be missing something here and this is my first attempt. I was hoping I could just select the destination as the outside interface and should work.
Thanks
06-05-2015 08:09 AM
Hi,
By default, as you know, on the ASA device, if you have the traffic moving from the higher security interface to the lower one, you don't need any ACL to be configured on the inside interface to allow the traffic.
If you want an ACL to restrict the traffic, you need to allow the traffic from any to any based on specific service rather than the ASA outside subnet, as the destination would not be the ASA outside network.
I think if you correct this and apply a NAT statement, that should resolve the issue.
Otherwise, if you still see the issue, post the packet tracer output with the relevant configuration from the ASA device.
Thanks and Regards,
Vibhor Amrodia
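
The behaviour described in the answer above, modelled as an added example that is not part of the original thread or of any Cisco tooling: an interface ACL is evaluated first-match with an implicit deny at the end, so a permit whose destination is the outside subnet never matches internet hosts. All addresses are constructed sample values from documentation ranges, and the source is assumed to be `any` in both ACLs.

```python
import ipaddress

# Constructed sample values (documentation ranges), not from the original post.
OUTSIDE_SUBNET = "203.0.113.0/24"   # subnet of the ASA outside interface
OUTSIDE_PEER = "203.0.113.1"        # a host on that subnet
INTERNET_HOST = "198.51.100.25"     # a host beyond the outside subnet


def rule(action, dst, ports):
    """One ACL entry; the source is 'any' in both ACLs, so it is not modelled."""
    return {"action": action, "dst": ipaddress.ip_network(dst), "ports": set(ports)}


# First attempt: destination restricted to the outside interface's subnet.
ACL_OUTSIDE_SUBNET = [rule("permit", OUTSIDE_SUBNET, {80, 443})]
# Suggested form: any destination, restricted only by service (HTTP/HTTPS).
ACL_ANY_BY_SERVICE = [rule("permit", "0.0.0.0/0", {80, 443})]


def evaluate(acl, dst_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for index, entry in enumerate(acl, start=1):
        if dst in entry["dst"] and dst_port in entry["ports"]:
            return entry["action"], f"line {index}"
    return "deny", "implicit deny"


def compare(dst_ip, dst_port):
    """Verdict of each ACL for the same flow, keyed by ACL name."""
    return {
        "outside-subnet": evaluate(ACL_OUTSIDE_SUBNET, dst_ip, dst_port),
        "any-by-service": evaluate(ACL_ANY_BY_SERVICE, dst_ip, dst_port),
    }


if __name__ == "__main__":
    for dst, port in [(OUTSIDE_PEER, 443), (INTERNET_HOST, 443), (INTERNET_HOST, 22)]:
        print(dst, port, compare(dst, port))
```

The second flow reproduces the symptom in the question: the trace stops at the access rule because the internet destination is outside `203.0.113.0/24`, while the service-based ACL permits it and still denies other ports.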
12-12-2019 07:58 AM
Hi, I know this post is old, but what if you have an inside ACL on a lower security level interface to allow traffic to another zone? The default high to low permission does not work. How can you allow internet access? Do you have to deny first communication and then permit any? Because using outside interface as destination does not work.
Kind Regards