12-05-2023 04:55 PM - last edited on 12-05-2023 09:09 PM by shazubai
I have been trying to configure http/https access to the server located in the DMZ. I have configured the firewall to allow traffic flow from INSIDE to DMZ and back. The http packet travels from inside to the DMZ, but on the return route the firewall somehow drops the packet, saying "The ASA does not allow any traffic from a lower security interface to a higher security interface unless it is explicitly permitted by an extended access list.", even though I have added an access-list to allow the traffic back. I'm not able to figure out the problem. Can someone please guide me?
Thank you so much for your time in advance!!
(I have attached the topology, firewall running stats and firewall NAT conf.)
12-05-2023 08:31 PM
You need hairpin NAT if the inside host is NATing to the outside interface.
And if the inside host uses the public IP of the DMZ, not its real IP.
MHM