Configure a Cisco ASA firewall policy that filters traffic between source and destination. ASA with 2 interfaces and a PC on each segment.
Hello
By default on the ASA, an ICMP reply from a lower level interface isn't allowed, so you need to either allow them in the global_policy policy map or create an ACL to allow them. As you have stated you wish to use objects for both source/destination subnets, the ACL is what is required.
object network LAN
 subnet 192.168.1.0 255.255.255.0
object network WAN
 subnet 10.10.10.0 255.255.255.0
access-list 100 extended permit icmp object WAN object LAN echo-reply
! replace "outside" with the interface name of your WAN interface
access-group 100 in interface outside
Note: The above ACL will ONLY allow return traffic from the subnets specified in the network objects.
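The answer above names the global_policy policy map as the other option. As an added example (not part of the original answer), this is that alternative together with two checks; the interface name `outside` is taken from the answer, and the host addresses 10.10.10.10 and 192.168.1.10 are constructed sample values inside the two subnets.

```cisco
! Alternative to ACL 100: stateful ICMP inspection in the default policy map.
! With inspection, the ASA only admits an echo-reply that matches an
! echo request it has already seen leaving, whereas ACL 100 admits any
! echo-reply from the WAN subnet to the LAN subnet, solicited or not.
policy-map global_policy
 class inspection_default
  inspect icmp

! Check 1: confirm which mechanism is handling the replies.
! Hit counts on ACL 100 rise only if the ACL is what permits the traffic.
show access-list 100
show service-policy inspect icmp

! Check 2: simulate an echo-reply (ICMP type 0, code 0) arriving on the
! outside interface from a WAN host (constructed address) to a LAN host
! (constructed address) and read the per-phase ALLOW/DROP result.
packet-tracer input outside icmp 10.10.10.10 0 0 192.168.1.10
```

If inspection is enabled and ACL 100 is left applied, unsolicited echo-replies from the WAN subnet are still permitted by the ACL, so remove the access-group if only solicited replies should pass.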
Thank You!