03-08-2018 02:20 AM - edited 02-21-2020 07:29 AM
Hi,
I have a Cisco 5525 ASA which is connected to a core switch and a DMZ switch, and I want the core switch side network (i.e. 172.20.x.x) to access the DMZ network (192.168.x.x), so I ran the following command on the ASA 5525:
access-list inside-to-DMZ extended permit ip any any
and applied it to the core switch side interface (i.e. inside) and the DMZ side interface (i.e. DMZ):
access-group inside-to-DMZ in interface DMZ
access-group inside-to-DMZ in interface inside
However, I can't access the DMZ network from the core switch side network, so what am I supposed to do?
03-08-2018 07:18 AM
Depending on the security level, you don't generally need an ACL between inside and DMZ. You definitely don't need one on both inside and DMZ interfaces because an ASA is a stateful firewall - traffic allowed through in one direction is entered into a state table and the return traffic is automatically allowed.
Does the core know to route traffic to the ASA? Is there any NAT in place?
If you can share your configuration it would help better answer your question.
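To make the reply above concrete, here is an added ASA configuration sketch (not the poster's config and not from the reply's author). It assumes inside is at security-level 100 and DMZ at 50, interface names GigabitEthernet0/1 and 0/2, and constructed test hosts 172.20.1.10 (inside) and 192.168.1.10 (DMZ); it shows why the DMZ binding of the permit-any ACL should go, a narrower ACL if one is wanted on inside, and the routing/NAT checks the reply asks about.

```cisco
! Added example for this thread; interface names and host addresses are assumed.
!
! As posted, the same permit-any ACL is bound inbound on BOTH interfaces.
! The DMZ binding does nothing for return traffic (the state table already
! allows it), but it lets ANY DMZ host open connections into inside, which
! defeats the default lower-to-higher deny. Remove that binding:
no access-group inside-to-DMZ in interface DMZ
!
! With these security levels, inside -> DMZ is permitted with no ACL at all
! (interfaces at the SAME level would instead need
! "same-security-traffic permit inter-interface").
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
!
! If an inbound ACL on inside is wanted anyway, replace "permit ip any any"
! with just the flows the DMZ should receive (HTTPS and ping shown):
clear configure access-list inside-to-DMZ
access-list inside-to-DMZ extended permit tcp 172.20.0.0 255.255.0.0 192.168.0.0 255.255.0.0 eq 443
access-list inside-to-DMZ extended permit icmp 172.20.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-group inside-to-DMZ in interface inside
!
! Checks for the two questions in the reply.
! Routing: the ASA must see 172.20.0.0/16 via inside and 192.168.0.0/16 via
! DMZ, and the core switch must point its 192.168.0.0/16 route at the ASA's
! inside address (that part is configured on the core, not here).
show route
! NAT: a rule between inside and DMZ can rewrite or drop this traffic.
show nat detail
! Hit counts should increment while the test connection is attempted.
show access-list inside-to-DMZ
! Simulate one flow through the route, NAT and ACL phases and see where it stops.
packet-tracer input inside tcp 172.20.1.10 50000 192.168.1.10 443 detailed
```

If packet-tracer reports the drop in the NAT or ROUTE-LOOKUP phase rather than the ACCESS-LIST phase, the ACL was never the cause, which matches the reply's point that the ACL is usually not needed here at all.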