two firewall with same security level

Network Pro · ‎03-14-2014

hi,

my topology is

ISP 1 ISP 2

| |

Firewall 1 ----------Firewall 2

| |

| ___ L3 Switch ___|

Both firewalls are connected back to back with same security level (60). - DMZ interface

Both firewalls run ospf and default route is injected by firewall 1 to firewall 2 (dmz interface) and l3 switch - which is all fine. I can see the ospf routes but when i try to ping outside world from Firewall 2 through to Firewall 1 on dmz interface i cant seem to get a response although from L3 switch i can ping outside world ?

I have tried adding same-security level permit inter interface traffic (or something similar) on both interface of the firewall but no joy. any thoughts please ?

Jon Marshall · ‎03-14-2014

I don't think it is a same-security issue as these are separate firewalls.

Are the DMZ interfaces using private addressing and if so have you setup NAT for them when they go via the outside interface ?

Jon

Marius Gunnerud · ‎03-14-2014

As Jon has mentioned this is not a security level issue, and is most likely a NAT issue, or possible a routing issue though this is very unlikely.

Please post the running configue (remove all passwords and public IPs) for both the ASAs. Seeing the configuration will help us identify where the problem might be.

--

Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts