Basic rule question on ASA

louis0001
Level 3

Very basic question on firewall rules on the ASA.

I have 2 interfaces. Let's call them LAN 1 and LAN 2. Both have the same security level.

HOST A on LAN 1 should communicate with HOST B on LAN 2 over HTTP only.

So the rule on the LAN 1 interface is:

Source: HOST A
Destination: HOST B (LAN 2)
Port: 80/tcp

Do I then need to put a rule on the LAN 2 interface like so?

Source: HOST A (LAN 1)
Destination: HOST B
Port: 80/tcp

2 Replies

Philip D'Ath
VIP Alumni

You only need the first rule. The return traffic will be allowed automatically.

You will need the config "same-security-traffic permit inter-interface".

Let's assume the LAN 2 interface (security level 100) has a higher security level than LAN 1 (security level 90).

I know a higher level can access a lower security level, but if I want the traffic restricted so that HOST B can only respond to HOST A, would I need the 2nd rule?
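The following ASA configuration is an added example, not posted by anyone in this thread. It puts Philip's answer into configuration form (one inbound ACL on the LAN 1 interface, plus the same-security-traffic command for the original equal-level case) and also covers the follow-up scenario where LAN 2 sits at a higher security level than LAN 1. Interface names, addresses, object names and ACL names are assumed for illustration.

```cisco
! Added example; interface names, addresses and object names are assumed.
interface GigabitEthernet0/1
 nameif LAN1
 security-level 90
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif LAN2
 security-level 100
 ip address 10.2.2.1 255.255.255.0
!
object network HOST_A
 host 10.1.1.10
object network HOST_B
 host 10.2.2.20
!
! Required only for the original case where LAN1 and LAN2 share the same
! security level; harmless when the levels differ as they do here.
same-security-traffic permit inter-interface
!
! Rule 1: HOST A -> HOST B on tcp/80, applied inbound on LAN1.
! The ASA is stateful: HOST B's replies are matched against the connection
! created by this rule, so no permit rule is needed on LAN2 for them.
! Applying an ACL adds an implicit deny; the explicit deny is added here
! only so the dropped packets are logged.
access-list LAN1_IN extended permit tcp object HOST_A object HOST_B eq www
access-list LAN1_IN extended deny ip any any log
access-group LAN1_IN in interface LAN1
!
! Follow-up case: LAN2 (100) is higher than LAN1 (90). With no ACL on LAN2,
! HOST B may start new connections toward LAN1. Once an ACL is applied to
! LAN2 its implicit deny overrides the security-level default, so HOST B can
! only answer HOST A's existing connections and cannot initiate any of its own.
! Note that this also blocks LAN2 from initiating to every other interface.
access-list LAN2_IN extended deny ip any any log
access-group LAN2_IN in interface LAN2
!
! Verification (privileged EXEC, not part of the configuration):
!   packet-tracer input LAN1 tcp 10.1.1.10 40000 10.2.2.20 80   -> ALLOW
!   packet-tracer input LAN2 tcp 10.2.2.20 40000 10.1.1.10 80   -> DROP (LAN2_IN)
!   show conn   -> shows the established HOST_A -> HOST_B tcp/80 flow
```

The two packet-tracer runs are the quickest way to confirm both behaviours on a live box: the first should end in ALLOW with the LAN1_IN ACL as the permitting phase, the second should be dropped by LAN2_IN even though LAN2 has the higher security level.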
