ASA Internet Access Rule

Mokhalil82
Level 4

Hi

I was trying to configure an access rule to allow all internal users internet access on an ASA 9.3 using ASDM. I don't want to use the default security levels as I will be adding other rules for specific access.

I configured a rule on the Inside IN interface to allow any source, to destination Outside interface on HTTP & HTTPS. I've configured the NAT as well. When I try running packet tracer, the trace fails on the access rule.

When I select destination as the outside subnet then I can only get to the outside subnet and not the internet. I may be missing something here and this is my first attempt. I was hoping I could just select the destination as the outside interface and should work.


Thanks

Accepted Solution

Vibhor Amrodia
Cisco Employee

Hi,

By default, as you know, on the ASA device, if you have the traffic moving from the higher security interface to the lower one, you don't need any ACL to be configured on the inside interface to allow the traffic.

If you want an ACL to restrict the traffic, you need to allow the traffic from any to any based on specific service rather than the ASA outside subnet, as the destination would not be the ASA outside network.

I think if you correct this and apply a NAT statement, that should resolve the issue.

Otherwise, if you still see the issue, post the packet tracer output with the relevant configuration from the ASA device.

Thanks and Regards,

Vibhor Amrodia

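The accepted solution in ASA CLI terms, as an added example that is not part of the original thread: the rule the poster described (destination limited to the outside subnet) beside the corrected any-to-any-by-service rule, the object NAT that makes return traffic work, and a packet-tracer check. Interface names, the 192.168.1.0/24 inside subnet, the 203.0.113.0/24 outside subnet and the test addresses are constructed assumptions.

```cisco
! Added example, not the poster's configuration. Assumes interfaces named
! "inside" (security-level 100) and "outside" (security-level 0) and a
! constructed inside subnet of 192.168.1.0/24.

! --- What the poster tried: destination limited to the outside subnet ---
! Only packets addressed to 203.0.113.0/24 match; anything bound for the
! Internet falls through to the implicit deny at the end of the ACL, which
! is the "access rule" drop packet-tracer reports.
object network OUTSIDE-SUBNET
 subnet 203.0.113.0 255.255.255.0
access-list INSIDE_IN_BAD extended permit tcp any object OUTSIDE-SUBNET eq www
access-list INSIDE_IN_BAD extended permit tcp any object OUTSIDE-SUBNET eq https

! --- Corrected: any destination, restricted by service ---
! Specific permits for other zones go above these lines; anything not
! permitted is still dropped by the implicit deny, so the ACL keeps
! restricting traffic even though the destination is "any".
access-list INSIDE_IN extended permit tcp any any eq www
access-list INSIDE_IN extended permit tcp any any eq https
access-group INSIDE_IN in interface inside

! --- NAT so replies can return: dynamic PAT to the outside interface address ---
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! --- Verify: constructed inside host 192.168.1.10 to a public web server ---
! Expect ACCESS-LIST, NAT and the final "Action: allow" phases to pass.
packet-tracer input inside tcp 192.168.1.10 12345 198.51.100.20 80
```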

2 Replies


Hi, I know this post is old, but what if you have an inside ACL on a lower security level interface to allow traffic to another zone? The default high-to-low permission does not work. How can you allow internet access? Do you have to deny first communication and then permit any? Because using the outside interface as destination does not work.


Kind Regards 
