Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
528
Views
0
Helpful
2
Replies

Starting inbound sessions from the directly connected outside subnet

Go to solution
aacole
Level 5
Level 5

‎01-24-2014 01:50 AM - edited ‎03-11-2019 08:35 PM

Hi, I recall from the PIX days that inbound sessions were not permitted from a host directly connected into the subnet assigned to the outside interface on the firewall.

I have been asked to advise on a test setup, where we need to test inbound sessions, and it was proposed that the test host be placed in the outside subnet. I suggested that we have a router conected to the outside subnet, but some decided its too complex!

Does this restriction apply to ASA runing 8.x code?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-24-2014 02:20 AM

Hi,

I am not sure I am aware of the limitation you mention. Then again I havent really been in touch with PIXs other than the few that still are in some networks.

I did a quick test for my home ASA running 8.4(5)

I made a Static NAT for my internal networks Router and allowed management connection from the ISP core and logged to the core device and attempted the management connection and it worked just fine. The source IP address for the management connection is from the directly connected subnet between the core and my ASA and the destination IP address was also a IP address from that same subnet.

So any such limitation should not be present.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-24-2014 02:20 AM

Hi,

I am not sure I am aware of the limitation you mention. Then again I havent really been in touch with PIXs other than the few that still are in some networks.

I did a quick test for my home ASA running 8.4(5)

I made a Static NAT for my internal networks Router and allowed management connection from the ISP core and logged to the core device and attempted the management connection and it worked just fine. The source IP address for the management connection is from the directly connected subnet between the core and my ASA and the destination IP address was also a IP address from that same subnet.

So any such limitation should not be present.

- Jouni

0 Helpful

Go to solution
aacole
Level 5
Level 5
In response to Jouni Forss

‎01-24-2014 02:54 AM

Wow, thanks for quick reply Jouni!

That answers my question.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card