Options

ASA Question

marcusaureliusbrutusmarcusaureliusbrutus Member Posts: 73 ■■□□□□□□□□
in CCNP Security
Hi. If i have two ports say A with sec level of 100 and another port B with sec level of 50. And i wish for traffic from port B to communicate to port A only on certain ports. I read that i need not only an ACL but also a nat statement to allow this. The acl is easy enough but i am confused about the nat. Am i supposed to create a static nat?

Thanks in advance.
· Share on FacebookShare on Twitter

Comments

  • Options
    shednikshednik Member Posts: 2,005
    It all depends on how you want to do it....I'm assuming the interface with a security level of 50 is a DMZ and you wouldn't want it to actually be changed going to the inside interface. So the best way I can describe what needs to be done is a statement to translate to itself...you can setup a NAT statement for anything sourcing from the "DMZ" interface to the inside to remain unchanged going to the inside interface.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.