I did a quick investigation. Please correct me, if I am missing something.
With transparent firewall:

- All IP traffic is allowed from higher security level interface to the lower level and the response is allowed back.
- To allow any traffic from lower level to higher level, ACL should be configured to allow the traffic.
- If nat-control is enabled, then NAT or static is mandatory else traffic is not allowed to cross the ASA.
- For non-IP traffic, ethertype ACL is mandatory for both higher and lower security interfaces.

With regards
Kings

On Mon, Oct 5, 2009 at 3:18 PM, Kingsley Charles <[email protected]> wrote:

> Hi all
>
> If I have the ASA configured as transparent firewall, the arp traffic is
> allowed across the firewall without the need of ACLs to be configured.
> But for any other layer 3 traffic, do we need to allow them using ACLs.
>
> For IP to cross the ASA, do we need to configure IP ACLs. Do I need the
> following?
>
> access-list mine permit ip any any
>
> access-group mine in interface inside
> access-group mine in interface outside
>
> I am seeing an inconsistency in my ASA. Initially I was able to telnet
> across the ASA only with the above configured later it worked without the
> ACLs.
>
> With regards
> Kings
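
The rules listed in the reply above, applied to the configuration from the original question, as an added example that is not part of either message. The ACL names, the 192.0.2.x addresses, the security levels and the choice of IPX as the non-IP protocol are assumptions made for illustration.

```cisco
! Added example. Assumes the ASA is already in transparent mode with
! inside at security level 100 and outside at security level 0.
! Names, addresses and the IPX EtherType below are illustrative.
!
! --- Broad form from the original question: any IP, on both interfaces ---
! access-list mine permit ip any any
! access-group mine in interface inside
! access-group mine in interface outside
!
! --- Narrower form ---
! IP sessions started from inside (higher level) and their replies cross
! without an ACL, so no IP ACL is applied on the inside interface.
! Sessions started from outside (lower level) need an explicit permit;
! allow only the one flow that is required instead of "ip any any".
access-list OUTSIDE_IN extended permit tcp host 192.0.2.10 host 192.0.2.20 eq telnet
access-group OUTSIDE_IN in interface outside
!
! Non-IP traffic needs an EtherType ACL on both interfaces.
access-list ETHER ethertype permit ipx
access-group ETHER in interface inside
access-group ETHER in interface outside
```

The hit counters in `show access-list OUTSIDE_IN` show whether a given session was actually matched by the ACL or crossed the firewall under the default higher-to-lower rule.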
