
ASA security issue access from low security level to high security level without nat

jpmegel
Level 1

Hi, 

I'm experiencing a security issue. I have an ASA 9.5.2 with some interfaces. A server on the lower security level can access another server on the higher security level without NAT.

The server on the low level has an ACL allowing it to any tcp/80.

Example: 

interface A 

security-level 50

Server A --> to any  : tcp/80

Interface B 

security-level 90

There is no NAT between the 2 interfaces. 

Thanks for your help. 

Jpmegel

 

1 Reply

It works as designed. NAT is completely optional. The ACLs enforce your security-policy. If the server on the lower level should not reach the server on the higher security level, then you have to change your ACL and remove or restrict your permit-statements.
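The restriction the reply describes, as an added configuration sketch that is not part of the original thread. The ACL name `A_IN`, the interface names `A` and `B`, and all addresses are assumptions constructed for illustration (Server A = 192.0.2.10, network behind interface B = 198.51.100.0/24).

```cisco
! --- Before (constructed to match the post) ---------------------------
! "any" as the destination also matches hosts behind interface B, and an
! explicit permit in an inbound ACL applies regardless of security-level.
access-list A_IN extended permit tcp host 192.0.2.10 any eq www
access-group A_IN in interface A

! --- After -------------------------------------------------------------
! ACL entries are evaluated top-down and the first match wins, so the
! deny for the higher-security network must sit above the broad permit.
no access-list A_IN extended permit tcp host 192.0.2.10 any eq www
access-list A_IN extended deny ip host 192.0.2.10 198.51.100.0 255.255.255.0
access-list A_IN extended permit tcp host 192.0.2.10 any eq www

! --- Check -------------------------------------------------------------
! Simulate Server A opening tcp/80 to a constructed host behind B.
! The result should now show the flow dropped by the A_IN deny entry.
packet-tracer input A tcp 192.0.2.10 12345 198.51.100.20 80
show access-list A_IN
```

The hit counters in `show access-list A_IN` confirm which entry matched once real traffic passes.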
