As the title suggests, I'm trying to do something that should be simple, but I understand ASA is the anti-router and by default hates everything I want it to do...
I have inside1 with 192.168.0.0/24 and inside2 with 192.168.100.0/24.
Currently:
- inside1 is security level 100
- inside2 (new) is security level 99
- both 1 and 2 can access internet (outside int)
- I created NAT Exempt rule for inside1 interface with source of 1 and dest of 2, this allowed me to ping from 1 to 2! (GREAT SUCCESS lol)
- I created two ACLs for both inside1 and inside2 interfaces (because I don't know what I'm doing, like AT ALL with this ASA), the 2 rules for each are any/the-other-inside-int and the-other-inside-int/any, so I made 4 ACLs.
I cannot get 2 to ping to 1, no matter what I do... The goal is to put VoIP phones on inside2 and have them be able to access the main LAN for email server and other things. I can further restrict that later; for now I'd like it all to just talk.
Btw, this ASA has the old pre 8.2 config, in case it matters?