02-29-2016 10:00 AM - edited 03-12-2019 12:25 AM
I have read in several places that after 8.3 you don't need NAT to communicate from Inside to DMZ (high security zone to low security zone)
and only need an ACL permitting this communication.
But for me it doesn't seem to be working.
Any help?
192.168.92.10 is the switch I am trying to access from inside, and it has gateway 192.168.92.1 (DMZ interface of the ASA).
access-list INSIDE-TO-DMZ extended permit tcp any host 192.168.92.10 eq ssh
access-group INSIDE-TO-DMZ out interface DMZ
access-list DMZ-TO-INSIDE extended deny ip any any
access-group DMZ-TO-INSIDE in interface DMZ
Below is the show connection output.
TCP DMZ: 192.168.92.10/22 (192.168.92.10/22) LAN: 10.95.36.26/55070 (10.95.36.26/55070), flags saA , idle 1s, uptime 4s, timeout 30s, bytes 0
02-29-2016 10:23 AM
By default, traffic from a higher Security Level to a lower Security Level is allowed, and so is the reply traffic, as stateful inspection is on by default, so no initial ACL is needed.
02-29-2016 10:25 AM
Resolved it by adding a default route in the switch that was sitting in the DMZ.
But it's a LAN Base image 3850X; why did it need a default route instead of a default gateway?
Slot#  License name  Type       Count  Period left
----------------------------------------------------------
1      lanbase       permanent  N/A    Lifetime
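The show conn line in the first post already pointed at the answer: flags saA with bytes 0 means the ASA forwarded the SYN and never saw the SYN-ACK, which matches the missing return route found later in the thread. The following parser is an added example, not part of this thread or of any Cisco tool; it reads show conn lines in the format quoted above and flags flows stuck in that state. The second sample line is constructed for contrast, and the flag meanings are taken from the ASA show conn legend (U = up, s/S = awaiting outside/inside SYN, a/A = awaiting outside/inside ACK to SYN).

```python
import re

# Constructed sample of ASA "show conn" output: the first line is the half-open
# SSH flow quoted in this thread; the second is a made-up established flow for contrast.
SAMPLE_CONNS = """\
TCP DMZ: 192.168.92.10/22 (192.168.92.10/22) LAN: 10.95.36.26/55070 (10.95.36.26/55070), flags saA , idle 1s, uptime 4s, timeout 30s, bytes 0
TCP DMZ: 192.168.92.10/443 (192.168.92.10/443) LAN: 10.95.36.26/55071 (10.95.36.26/55071), flags UIO , idle 0s, uptime 12s, timeout 1h0m, bytes 8132
"""

# "<proto> <ifA>: ip/port (mapped) <ifB>: ip/port (mapped), flags <f> , ... uptime <t>, ... bytes <n>"
CONN_RE = re.compile(
    r"(?P<proto>\w+)\s+(?P<if_a>[^:\s]+):\s+(?P<ip_a>[\d.]+)/(?P<port_a>\d+)\s+\([^)]*\)\s+"
    r"(?P<if_b>[^:\s]+):\s+(?P<ip_b>[\d.]+)/(?P<port_b>\d+)\s+\([^)]*\),\s+"
    r"flags\s+(?P<flags>\S+)\s*,.*?uptime\s+(?P<uptime>[^,]+),.*?bytes\s+(?P<bytes>\d+)"
)

def parse_conn(line):
    """Parse one show conn line into a dict, or return None if it is not a conn line."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    conn = m.groupdict()
    conn["bytes"] = int(conn["bytes"])
    return conn

def classify(conn):
    """Interpret the TCP state flags from the ASA show conn legend:
    U = up (handshake complete); s/S = still awaiting outside/inside SYN;
    a/A = still awaiting outside/inside ACK to SYN."""
    flags = conn["flags"]
    if "U" in flags:
        return "established"
    if "s" in flags and "a" in flags and conn["bytes"] == 0:
        # The ASA forwarded the first SYN and never saw a SYN-ACK: check the return
        # path (in this thread the DMZ switch had no route back to the LAN subnet).
        return "syn-sent-no-reply"
    return "other"

def find_stalled(text):
    """Return (first endpoint, second endpoint, flags) for every unanswered SYN."""
    stalled = []
    for line in text.splitlines():
        conn = parse_conn(line)
        if conn and classify(conn) == "syn-sent-no-reply":
            stalled.append((f"{conn['ip_a']}/{conn['port_a']}",
                            f"{conn['ip_b']}/{conn['port_b']}", conn["flags"]))
    return stalled
```

Feeding it a full show conn capture makes a host that never answers stand out as a cluster of saA entries with bytes 0, which is a routing or filtering problem beyond the ASA rather than an ACL problem on it.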