08-02-2016 01:25 PM - edited 03-12-2019 01:05 AM
Very basic question on firewall rules on the ASA.
I have 2 interfaces. Let's call them LAN 1 & LAN 2. Both have the same security level.
HOST A on LAN 1 should communicate with HOST B on LAN 2 on http only
So the rule for LAN 1 interface is:
Source: HOST A
Destination: HOST B (LAN 2)
Port: 80/tcp
Do I then need to put a rule in LAN 2 interface like so:
Source: HOST A (LAN 1)
Destination: HOST B
Port: 80/tcp
08-02-2016 01:40 PM
You only need the first rule. The return traffic will be allowed automatically.
You will need the config "same-security-traffic permit inter-interface".
08-02-2016 01:57 PM
Let's assume the LAN 2 interface (sec level 100) has a higher security level than LAN 1 (sec level 90).
I know a higher level can access a lower security level but if I want the traffic to be restricted so HOST B can only respond to HOST A, would I need the 2nd rule?
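The setup discussed in this thread, written out as an added ASA configuration example (not posted by anyone in the thread). Interface names, addresses and the HOST_A/HOST_B objects are hypothetical, and the `object network` syntax assumes ASA 8.3 or later.

```text
! Scenario 1: both interfaces at the same security level
interface GigabitEthernet0/1
 nameif LAN1
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif LAN2
 security-level 100
 ip address 10.2.2.1 255.255.255.0
!
! Without this line the ASA drops all traffic between two interfaces
! that share a security level, regardless of any ACL
same-security-traffic permit inter-interface
!
! Hypothetical host objects (constructed addresses)
object network HOST_A
 host 10.1.1.10
object network HOST_B
 host 10.2.2.20
!
! The single rule, applied inbound on LAN1: HOST A may open TCP/80 to HOST B.
! The ASA is stateful; interface ACLs are evaluated only for the first packet
! of a connection. HOST B's replies match the existing entry in the connection
! table and are forwarded without any rule on LAN2.
access-list LAN1_IN extended permit tcp object HOST_A object HOST_B eq 80
access-list LAN1_IN extended deny ip any any log
access-group LAN1_IN in interface LAN1
!
! Verification from exec mode: simulate HOST A -> HOST B on port 80 (expect ALLOW) ...
packet-tracer input LAN1 tcp 10.1.1.10 40000 10.2.2.20 80
! ... and the same pair on port 443, which the LAN1_IN ACL should drop
packet-tracer input LAN1 tcp 10.1.1.10 40000 10.2.2.20 443
! Connections currently in the state table, including the reply direction:
show conn address 10.1.1.10
!
! Scenario 2: LAN2 at security-level 100, LAN1 at 90.
! With no ACL on LAN2, the level difference alone lets HOST B (and every other
! LAN2 host) initiate connections towards LAN1. Mirroring the LAN1 rule on LAN2
! would not restrict that. To confine HOST B to replying only, apply an inbound
! ACL on LAN2: once an ACL is bound to an interface, its implicit deny replaces
! the level-based permit, while established connections still pass statefully.
access-list LAN2_IN extended deny ip any any log
access-group LAN2_IN in interface LAN2
```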