Forum Replies

  1. Thanks Rene for your introduction to firewall.
    just a friendly feedback, I like a lot your videos when you use the White Board in person with your colored pens, It’s amazing, please keep using it. I feel like I am sitting in a real classroom.

  2. Hi, quick question regarding the service policy placement on the ASA, not including global because that’s pretty self explanatory. I created just a simple topology where the ASA was in the middle and has 2 routers on either side, the outside interface had a security level of 0 and inside 100, the outside interface is also blocking all traffic coming in. I implemented NAT on the ASA as well to change the inside network IP’s to the outside interface.

    My policy map inspects ICMP and i applied it to a service policy that was placed on the inside interface, i tested

    ... Continue reading in our forum

  3. Hello Michael

    First of all, we apologise for the late response. This is an excellent question, and thank you for sharing it with us.

    It all has to do with order of operations. The standard document that is usually provided for order of operations regarding NAT is the following:


    Based on this, the inside to outside and outside to inside orders are different. This means that when the traffic returns, it first goes through a NAT outside to inside translation and then goes

    ... Continue reading in our forum

  4. taking in mind this excerpt from this lesson:

    “To ensure traffic from the OUTSIDE is able to reach the servers in the DMZ, we will use an access-list that only permits traffic to the IP address (and port numbers) that the servers in the DMZ use.”

    Where you have to configure the ACL ? i mean, if i want to permit a specific public ip addr to have connectivity to a mail server behind the firewall, i could configure an ACL to permit this public ip addr, but where the ACL has to be located ?

  5. Hello Juan

    Keep in mind that traffic from a lower security level to a higher security level is denied by default. In general, a DMZ will have a higher security level than the outside interface, so in order to go against this default behaviour, an access list which will permit such traffic must be applied.

    Now the ACL itself is defined globally using the well-known access list syntax. Once it is defined, you must then apply it to an interface specifying an in our outbound direction. You can find out more information about how to apply access lists on an ASA a

    ... Continue reading in our forum

9 more replies! Ask a question or join the discussion by visiting our Community Forum