09-26-2015 08:16 PM - edited 03-11-2019 11:39 PM
This is my current interface config:
interface Ethernet0/0
 nameif internal
 security-level 100
 ip address 192.168.40.1 255.255.255.252
!
interface Ethernet0/1
 shutdown
 nameif outside
 security-level 0
 ip address 81.6.63.114 255.255.255.248
!
interface Ethernet0/2
 shutdown
 nameif dmz
 security-level 50
 ip address 172.16.24.1 255.255.255.252
!
How do I allow all traffic between internal and dmz?
09-27-2015 04:29 AM
Hi, as suggested, apply an ACL on the DMZ interface in the inbound direction, allowing access for the internal LAN subnet, and make sure the routing table indicates that the internal LAN subnet is pointing towards the internal LAN devices.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_nw.html
Hope it Helps..
-GI
Rate if it Helps..
09-27-2015 11:41 AM
Hi,
Traffic from a higher security level to a lower security level is allowed on the ASA. If you apply an ACL on an interface, then the ACL will take precedence over the implicit security-level behavior.
In your config, traffic from Internal to DMZ will be allowed (if an ACL is applied on the Internal interface, then you need to permit Internal-to-DMZ traffic in that ACL). If you are trying to initiate traffic from DMZ to Internal, then you will need to create an ACL and apply it on the DMZ interface to permit the traffic.
Hope it helps!!!
Thanks,
R.Seth
Don't forget to mark the answer as correct if it helps in resolving your query!!!
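The decision logic described in the two answers above, as an added example that is not part of the original thread: a simplified Python model of how a new connection is judged by security level and by an inbound interface ACL. It assumes no NAT, ignores stateful return traffic, outbound ACLs and the `shutdown` state of the interfaces, and the host addresses and the `DMZ_IN` ACL are constructed for illustration.

```python
import ipaddress

# Security levels taken from the interface config posted in the question.
LEVELS = {"internal": 100, "dmz": 50, "outside": 0}

def acl_decision(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False

def new_flow_allowed(in_if, out_if, src, dst, inbound_acls):
    """Decide whether a NEW connection entering in_if may leave via out_if.

    inbound_acls maps an interface name to a list of
    (action, src_net, dst_net) entries applied inbound on that interface.
    """
    acl = inbound_acls.get(in_if)
    if acl is not None:
        # An applied ACL takes precedence over the security-level default.
        return acl_decision(acl, src, dst)
    # No ACL applied: only higher -> lower security level passes by default.
    return LEVELS[in_if] > LEVELS[out_if]

# Constructed hosts inside the two /30 subnets from the question.
INTERNAL_HOST, DMZ_HOST = "192.168.40.2", "172.16.24.2"
OUTSIDE_HOST = "198.51.100.10"  # constructed documentation address

# Constructed ACL: the DMZ subnet may reach the internal subnet, nothing else.
DMZ_IN = [("permit", "172.16.24.0/30", "192.168.40.0/30")]

def scenarios():
    no_acl, with_acl = {}, {"dmz": DMZ_IN}
    return {
        "internal->dmz, no ACL": new_flow_allowed("internal", "dmz", INTERNAL_HOST, DMZ_HOST, no_acl),
        "dmz->internal, no ACL": new_flow_allowed("dmz", "internal", DMZ_HOST, INTERNAL_HOST, no_acl),
        "dmz->internal, ACL on dmz": new_flow_allowed("dmz", "internal", DMZ_HOST, INTERNAL_HOST, with_acl),
        "dmz->outside, ACL on dmz": new_flow_allowed("dmz", "outside", DMZ_HOST, OUTSIDE_HOST, with_acl),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:28} {'permit' if allowed else 'deny'}")
```

The last scenario is the one to watch: once an ACL is applied inbound on dmz, traffic from dmz to outside that the security levels used to allow is dropped by the ACL's implicit deny unless the ACL permits it.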