
Error while getting back from DMZ to INSIDE zone

https
Level 1

I have been trying to configure http/https access to the server located in the DMZ. I have configured the firewall to allow traffic flow from INSIDE to DMZ and back. The http packet travels from inside to DMZ, but on the return route, somehow the firewall drops the packet saying "The ASA does not allow any traffic from a lower security interface to a higher security interface unless it is explicitly permitted by an extended access list.", even though I have added an access-list to allow the traffic back. I'm not able to figure out the problem. Can someone please guide me?

Thank you so much for your time in advance !!

(I have attached the topology, firewall running stats and firewall NAT conf.)

1 Reply

You need hairpin NAT if the inside host is NATing to the outside interface.

And if the inside host uses the public IP of the DMZ, not its real IP.

MHM
