ASA 5510 DMZ implicit rule
  • ASA 5510 DMZ implicit rule

    I'll try and keep this simple...

    The ASA is using 3 interfaces outside/inside/dmz.

    The DMZ is only housing our smarthost box and has no direct public access. Security levels are 0/100/50 respectively.

    As soon as I add a rule to the DMZ interface, the implicit rule is taken away and the deny any/any blocks all net access, not just on the DMZ side but on our inside as well.

  • #2
    Re: ASA 5510 DMZ implicit rule

    Yep - that's default behavior. For security reasons, the ASA is going to block EVERYTHING until you as an Administrator begin to poke holes to allow stuff through. The real-time log is your friend here. Filter the log to the inside IP address of the box you're using and attempt to use the services you need. The log will tell you what is blocked and in most cases can create a reverse access rule for you. Reverse access won't help you with NAT though. Also a good idea: use the built-in packet-tracer on the Tools menu to test traffic, and it will show you where it fails in the process.

    Regards,
    Scott
    Scott Pickles
    Systems Engineer
    VPN Systems, Inc.
    www.vpnsystems.com
    *******************
    CCNA - CCDA - BCMSN
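An added example (not the poster's or Cisco's own configuration) of what the reply describes: the single-entry list that replaces the implicit "permit to lower security" rule on dmz, the same policy written out explicitly, and the packet-tracer checks. All addresses are constructed placeholders.

```cisco
! Added example, not from the thread. Constructed placeholders:
!   smarthost 192.0.2.10 on dmz (security 50), inside 10.0.0.0/24 (security 100)
!
! --- State that produces the symptom ---
! Binding any access-list to dmz replaces the implicit permit for
! dmz -> outside; everything not matched now hits the implicit deny
! at the end of the list.
access-list DMZ_IN extended permit tcp host 192.0.2.10 any eq 25
access-group DMZ_IN in interface dmz

! --- Explicit policy for the smarthost ---
! Outbound SMTP plus the DNS it needs for MX lookups. The final logged
! deny is what the implicit rule does anyway, but now each hit is logged
! so the real-time log shows exactly what was dropped.
access-list DMZ_IN extended permit tcp host 192.0.2.10 any eq 25
access-list DMZ_IN extended permit udp host 192.0.2.10 any eq 53
access-list DMZ_IN extended deny ip any any log
access-group DMZ_IN in interface dmz

! This list only governs traffic ENTERING the dmz interface. inside -> dmz
! (100 -> 50) is still covered by the implicit permit unless a list is
! bound to inside, and replies are allowed by the stateful inspection.

! Verify from both sides; the output names the phase where a drop occurs.
packet-tracer input dmz tcp 192.0.2.10 1025 198.51.100.5 25 detailed
packet-tracer input inside tcp 10.0.0.20 1025 192.0.2.10 25 detailed
show access-list DMZ_IN
```

The hit counts from show access-list DMZ_IN, together with the logged deny entry, tell you which permit still needs adding before you widen any rule.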
