Cisco ASA – Allowing No-NAT Public Subnets


Testing in a lab… I have a VLAN directly attached to a Cisco ASA 5520 that contains host machines that use IPs from a public address space, 11.11.11.0/26 for example. The ASA has two interfaces: this dmz interface containing the hosts on the 11.11.11.0/26 and an outside interface containing a /30 peering point to an ASR running BGP etc.

Is there a way to configure the ASA to allow connectivity to and from this 11.11.11.0/26 without having to put in NAT statements since both interfaces are two different security-levels?

  • dmz security-level 50 (11.11.11.1/26)

  • outside security-level 0 (11.11.11.65/30) to ASR

Thanks for everyone's help in advance!

Best Answer

Disable nat-control. Apply a permit ACL to the outside interface.
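
The two steps in the answer, written out as an ASA configuration for the addressing in the question (an added example, not part of the original answer). It applies to ASA software 8.2 and earlier, since `nat-control` was removed in 8.3. The interface IDs, the ACL name `OUTSIDE_IN`, the exposed service (HTTPS) and the test addresses in the final comment are assumptions.

```cisco
! Interface IDs are assumed; names, levels and addresses are from the question.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 11.11.11.65 255.255.255.252
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 11.11.11.1 255.255.255.192
!
! Step 1: stop requiring a NAT rule for traffic that crosses interfaces.
! Hosts in 11.11.11.0/26 are then routed with their real addresses.
no nat-control
!
! dmz -> outside goes from a higher to a lower security level and is
! allowed by default, so no ACL is needed for outbound sessions.
!
! Step 2: outside -> dmz is denied by default and needs explicit permits.
! List only the services the DMZ hosts actually expose (HTTPS assumed here)
! instead of a blanket "permit ip any any", and log what falls through.
access-list OUTSIDE_IN extended permit tcp any 11.11.11.0 255.255.255.192 eq https
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Checks (source 198.51.100.10 and host 11.11.11.10 are constructed values):
!   show running-config nat-control
!   show access-list OUTSIDE_IN
!   packet-tracer input outside tcp 198.51.100.10 12345 11.11.11.10 443
```

With no NAT in the path, the outside ACL is the only control between the upstream network and the DMZ hosts, so the hit counters from `show access-list` and the logged denies are worth reviewing after the change.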