ASA security issue access from low security level to high security level without nat

jpmegel · ‎01-02-2016

Hi,

I'm experiencing a security issue. I have ASA 9.5.2. with some interfaces. a server on the lower security level can access another server on the higher security level without nat.

The server on the low level have an ACL allow it to any tcp/80.

Exemple:

interface A

security-level 50

Server A --> to any : tcp/80

Interface B

security-level 90

There is not nat between the 2 interfaces.

Thanks for your help.

Jpmegel

Karsten Iwen · ‎01-02-2016

It works as designed. NAT is completely optional. The ACLs enforce your security-policy. If the server on the lower level should not reach the server on the higher security level, then you have to change your ACL and remove or restrict your permit-statements.

ASA security issue access from low security level to high security level without nat

Port-Security - Configuração Básica

Secure Access Resource Repository

Action Required: Duo Security guide on how to Protect Applications

Cisco Secure Client 5.1.9.113 (MR9)

Cisco Secure Client 5.1.8.105 (MR8)