Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
0
Helpful
3
Replies

ASA5510 access from one VLAN to another but not the other way around

Martijn de Loos
Level 1
Level 1

‎07-29-2015 05:19 AM - edited ‎03-08-2019 01:09 AM

Hello,

Our office site has multiple VLAN subnets. Our firewall is an ASA5510. I am trying to achieve the following:

VLAN 10 may access VLAN 20's resources, such as HTTP (there are a few intranet webservers in this VLAN) but VLAN 20 may not access VLAN 10 at all. The issue I am facing right now is that I have to create an ACL on both VLAN 10 and 20 stating both networks are allowed to reach each other. If I only allow VLAN 10 to access 20 but deny VLAN 20 to 10 through an ACL, users complain they cannot reach the intranet webservers.

How can I achieve the above?

Thanks in advance.

Labels:
0 Helpful
3 Replies 3

Hitesh Vinzoda
Level 4
Level 4

‎07-29-2015 09:14 AM

Hello,

 

you don't need bidirectional ACL's just 10 to 20 should work.

what are the security levels of the interfaces vlan 10 and 20?

Thanks

Hitesh

0 Helpful

Martijn de Loos
Level 1
Level 1
In response to Hitesh Vinzoda

‎07-29-2015 09:55 AM

Hi Hitesh,

Both VLANs are security-level 50.

0 Helpful

Hitesh Vinzoda
Level 4
Level 4
In response to Martijn de Loos

‎07-29-2015 10:08 AM

Thats why you need ACL's both ways.

 

can you change the security level of VLAN20 to 49 ? and try.

 

If this is a production network and any other dependent configuration, you may want to consider the dependency and then change the config.

 

HTH

Hitesh

0 Helpful
Customers Also Viewed These Support Documents