I had the following configuration, but, for example, a web connection was impossible. When I removed "access-group acl_outside in interface outside" and "access-group acl_inside in interface inside", everything started working. What is wrong?
Regards, Mika
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
clock timezone GMT 0
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol icmp error
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list compiled
access-list acl_inside permit tcp 10.0.0.0 255.255.255.0 any eq www
access-list acl_inside permit tcp 10.0.0.0 255.255.255.0 any eq ftp
access-list acl_inside permit tcp host 10.0.0.3 any eq pop3
access-list acl_inside permit tcp 10.0.0.0 255.255.255.0 any eq smtp
access-list acl_inside permit icmp 10.0.0.0 255.255.255.0 any
access-list acl_inside permit tcp 10.0.0.0 255.255.255.0 any eq https
access-list acl_inside permit tcp host 10.0.0.12 any eq 3389
access-list acl_inside deny tcp any any
access-list acl_inside deny udp any any
access-list acl_outside permit icmp any any
access-list acl_outside permit tcp any host 22.205.22.21 eq pop3
pager lines 24
logging on
logging timestamp
logging buffered errors
logging trap warnings
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 22.205.22.21 255.255.255.252
ip address inside 10.0.0.1 255.255.255.0
no ip address intf2
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
static (inside,outside) tcp 22.205.22.21 pop3 10.0.0.3 pop3 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 22.205.22.20 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
snmp-server host inside 10.0.0.1
no snmp-server location
no snmp-server contact
snmp-server community RO
snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0