ASA security issue: access from low security level to high security level without NAT
01-02-2016 12:36 PM - edited 03-12-2019 12:05 AM
Hi,
I'm experiencing a security issue. I have ASA 9.5.2 with some interfaces. A server on the lower security level can access another server on the higher security level without NAT.
The server on the low level has an ACL allowing it to any tcp/80.
Example:
interface A
security-level 50
Server A --> to any : tcp/80
Interface B
security-level 90
There is no NAT between the 2 interfaces.
Thanks for your help.
Jpmegel
01-02-2016 02:52 PM
It works as designed. NAT is completely optional. The ACLs enforce your security policy. If the server on the lower level should not reach the server on the higher security level, then you have to change your ACL and remove or restrict your permit statements.
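The ACL change described in the reply, as an added example that is not part of the original thread: once an ACL is bound to the lower-security interface, its `permit ... any` entry decides the flow, so "any" also covers hosts behind the security-level 90 interface. The interface names (`ifA`, `ifB`), the ACL name (`ifA_in`) and all addresses (192.0.2.10 for Server A, 198.51.100.0/24 behind Interface B) are constructed placeholders.

```cisco
! Constructed example; names and addresses are placeholders.
interface GigabitEthernet0/1
 nameif ifA
 security-level 50
!
interface GigabitEthernet0/2
 nameif ifB
 security-level 90
!
! Before: Server A may reach ANY destination on tcp/80.
! "any" includes the network behind ifB, regardless of security level or NAT.
access-list ifA_in extended permit tcp host 192.0.2.10 any eq www
access-group ifA_in in interface ifA
!
! After: insert a deny for the ifB network ahead of the broad permit.
! ACL entries are evaluated top-down, first match wins.
access-list ifA_in line 1 remark Block Server A from the level-90 network
access-list ifA_in line 2 extended deny tcp host 192.0.2.10 198.51.100.0 255.255.255.0 eq www
!
! Check from privileged EXEC (not config mode); the result should change
! from ALLOW to DROP on the access-list phase after the deny is added:
!   packet-tracer input ifA tcp 192.0.2.10 12345 198.51.100.20 80
!   show access-list ifA_in
```

`show access-list ifA_in` also shows per-entry hit counts, which confirms which line is matching the traffic.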
