![]() Sanitized configs for both locations are as follows: : ASP packet captures have not helped either. Besides those ACL entries I have no entries in my ACLs concerning traffic from Location B. Since it looks like the problem with Location A's ASA, I've tried the following NAT and ACL additions (outside_access_in is the ACL applied to the outside interface, dmz_access_in is the ACL applied to the DMZ): access-list dmz_access_in extended permit tcp object (location B)-remote_network object-group DMZ_Servers eq httpsĪccess-list outside_access_in extended permit tcp object (location B)-remote_network object-group DMZ_Servers eq https On those packet traces I'm testing HTTPS access since it's one of the ports I need open across the two zones. New flow created with id 568767, packet dispatched to next module Nat (inside,outside) source static Location_B_Networks Location_B_Networks destination static Remote_DMZ Remote_DMZ no-proxy-arp route-lookupĪccess-group OWL_inside in interface insideĪccess-list OWL_inside extended permit ip any4 any4 = LocationB-Firewall# packet-tracer input inside tcp 443 443 In id=0x73cb5f60, priority=11, domain=permit, deny=true Nat (dmz,outside) source static DMZ_Servers DMZ_Servers destination static (location B)-remote_network (location B)-remote_network no-proxy-arp route-lookup ![]() * *LocationA-Firewall# packet-tracer input inside tcp 443 443 detailed Attached are sanitized configs from both locations. ![]() Below are my packet traces from both locations. Currently I'm trying to set NAT and ACL(s) so that hosts on the Location B inside network can access a few servers in Location A's DMZ. I have an EZVPN running between two locations, Location A has a 5520 and is the EZVPN server, Location B has a 5506 and is a EZVPN client. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |