ASA Question?

Last Modified: 2019-01-11
Howdy folks,

I have a question regarding the ASA 5505. I totally understand the concept of higher to lower level, but I noticed something interesting while I was doing something at work today. Traffic from my inside could see my web server located in my DMZ via its local IP address. For example, source local IP (MyPC 192.168.1.50) was able to establish a TCP session to my Apache server at 192.168.50.50. I thought that once you've created security levels, none of the interfaces should communicate unless you have an access rule such as NAT or ACCESS-LIST in place. Please let me know if I'm wrong.

Also, I have no routing or access-list, just a basic simple configuration. I just noticed it after mistakenly typing an IP address.

INSIDE 100
OUTSIDE 0
DMZ 50

Thank you!

Soulja, Sr.Net.Eng
CERTIFIED EXPERT
Top Expert 2011

Commented:
By default, a higher security level can communicate to a lower security level. Once you place an ACL, that rule goes out the window. So above, INSIDE can talk to OUTSIDE and DMZ. A lower level can't talk to a higher level by default.
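
The default behavior described in this answer, as a small Python model added for illustration (it is not part of the original thread and is not ASA code): it decides whether a new connection is allowed from the security levels alone, then shows how an inbound ACL on the ingress interface replaces that implicit rule and ends in an implicit deny. The /24 prefixes, the ACL entries and the function names are assumptions; the levels and host addresses are the ones in the question.

```python
from ipaddress import ip_address, ip_network

# Security levels as listed in the question.
LEVELS = {"INSIDE": 100, "DMZ": 50, "OUTSIDE": 0}
ANY = "0.0.0.0/0"

def acl_decision(acl, proto, src, dst, dport):
    """First-match evaluation of an interface ACL."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if (a_proto in ("ip", proto)
                and ip_address(src) in ip_network(a_src)
                and ip_address(dst) in ip_network(a_dst)
                and a_port in (None, dport)):
            return action
    return "deny"  # implicit deny at the end of any applied ACL

def new_connection(in_if, out_if, proto, src, dst, dport, acls=None):
    """Decide whether a NEW connection entering in_if and leaving out_if is allowed."""
    acl = (acls or {}).get(in_if)
    if acl is not None:
        # An ACL applied inbound on the ingress interface replaces the level rule.
        return acl_decision(acl, proto, src, dst, dport)
    # No ACL: only higher-to-lower is permitted implicitly.
    return "permit" if LEVELS[in_if] > LEVELS[out_if] else "deny"

# Constructed sample ACL (hypothetical): allow only HTTP to the DMZ web server,
# block everything else toward the DMZ, keep other outbound traffic working.
INSIDE_IN = [
    ("permit", "tcp", "192.168.1.0/24", "192.168.50.50/32", 80),
    ("deny",   "ip",  ANY,              "192.168.50.0/24",  None),
    ("permit", "ip",  ANY,              ANY,                None),
]

if __name__ == "__main__":
    flow = ("INSIDE", "DMZ", "tcp", "192.168.1.50", "192.168.50.50")
    print("no ACL, port 80:", new_connection(*flow, 80))
    print("no ACL, port 22:", new_connection(*flow, 22))
    print("ACL,    port 80:", new_connection(*flow, 80, acls={"INSIDE": INSIDE_IN}))
    print("ACL,    port 22:", new_connection(*flow, 22, acls={"INSIDE": INSIDE_IN}))
```

The model covers only the decision for a new connection; return traffic for a connection the ASA already permitted is handled by its state table and is not modeled here.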
Hemil Aquino, Network Security Engineer
Distinguished Expert 2018

Author

Commented:
Hi Soulja,

Thank you for your reply. So it is normal that my INSIDE network can communicate with port 80 in the DMZ because of higher to lower?
Other than that, I cannot ping or do anything else, which is fine.

My question to you is: by default, does the ASA send traffic from a higher level towards the DMZ, opening a TCP connection to the web server on port 80?

Thank you!