solarisjunkie
asked on
Cisco ASA ACL
I have some "Internal" servers 192.x.x.x trying to telnet to a "DMZ" server 172.x.x.x on port 27000 and the connection keeps failing. What access list rule via ASDM or CLI should I insert to get this working?
ASKER CERTIFIED SOLUTION
ASKER
If the internal servers are a subnet 192.x.x.0/24, how do I adjust the ACL accordingly?
You will need to adjust both the NAT and ACL to the /24 subnet for both DMZ and Inside.
!example of static NAT: inside server 192.168.2.20 is presented to the DMZ as 172.20.1.5
static (inside,DMZ) 172.20.1.5 192.168.2.20 netmask 255.255.255.255
!inside server access to the DMZ server (172.20.1.20) on tcp/27000, source is the real inside address
access-list InsidetoDMZ permit tcp host 192.168.2.20 host 172.20.1.20 eq 27000
!DMZ server back to the inside server, addressed by its translated (DMZ-side) address
access-list DMZtoInside permit tcp host 172.20.1.20 host 172.20.1.5 eq 27000
!apply each acl inbound on its interface (the acl must exist before access-group references it)
access-group InsidetoDMZ in interface inside
access-group DMZtoInside in interface DMZ