
Firewall policy

CiscoIPMAN
Level 1

I am trying to have an external user (outside the perimeter of my network) that needs to access a server in the data center. Would I need to create 2 policies for this? One FW policy when it comes into the border firewall and another at the data center firewall? Say for example they needed HTTP and HTTPS access.

Thanks for any help!!

2 Replies

balaji.bandi
Hall of Fame

Here is the example guide. I am under the impression both are ASA FWs.

This is the guide for the external FW:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html

On the internal DC FW you do not require NAT. Hopefully, in a normal environment, the internal LAN IP addresses are allowed to use the DC HTTP/HTTPS ports (I am guessing you do not need any rules).

Once you have made the changes on the external FW (NAT and an ACL allowing the incoming request), if it is working, good. If not, you need to have an allow ACL in the DC FW for the IP you are doing NAT for (if you have a different IP address range for DC application servers).

 

BB

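The setup the first reply describes (static NAT plus an inbound ACL on the border firewall, and a matching permit on the data center firewall), as an added example that is not from the thread or the linked Cisco guide. It assumes both firewalls are ASAs running 8.3 or later; the addresses, object name, ACL names and interface names are constructed placeholders.

```cisco
! ===== Border (external) ASA =====
! Constructed values: 10.10.20.5 = real server address in the data center,
! 203.0.113.10 = public address published to the external user.
object network DC-WEB
 host 10.10.20.5
 ! Interface names (inside, outside) are assumptions; use your nameif values.
 nat (inside,outside) static 203.0.113.10
!
! On 8.3 and later the ACL matches the REAL (untranslated) server address,
! so the rule references the object, not 203.0.113.10.
! Replace "any" with the external user's source address or range if it is known.
access-list OUTSIDE-IN extended permit tcp any object DC-WEB eq www
access-list OUTSIDE-IN extended permit tcp any object DC-WEB eq https
access-group OUTSIDE-IN in interface outside
!
! ===== Data center ASA (no NAT here) =====
! Traffic arrives with the destination already translated to the real
! server address; the source is still the external client's address.
! Keep the source as narrow as on the border firewall.
access-list FROM-BORDER extended permit tcp any host 10.10.20.5 eq www
access-list FROM-BORDER extended permit tcp any host 10.10.20.5 eq https
! "outside" here means the DC firewall interface facing the border firewall.
access-group FROM-BORDER in interface outside
!
! Verification on either firewall (packet-tracer simulates the flow):
!   show access-list OUTSIDE-IN
!   packet-tracer input outside tcp 198.51.100.25 12345 203.0.113.10 443
```

Anything not matched by these entries is dropped by the implicit deny at the end of each ACL, so only TCP 80 and 443 to the one server are exposed.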

I would rethink your access strategy. If it is an unknown external user, then terminate the session in a DMZ at a reverse proxy. If it is a known user that is somehow related to your company, let him VPN into your environment. In both cases you don't need to open your data centre to the outside world.
