An administrator is troubleshooting a new ASDM configured security appliance. A remote user is trying to establish a web session with the dmz1_host and the in_host from a PC on the outside network. The remote user is able to establish a FTP connection with the in_host successfully from the outside. However, they are unable to connect to the dmz1_host with an IP address of 192.168.1.4 from their outside PC. The administrator checked the access-lists and they were correct. The next step was to check the security appliance interfaces and NAT configuration screens. From information present on the ASDM screens, what appears to be the issue why the remote user can not create a web session with the dmz1_host?
A.
With Nat-control disabled, the end user should target the real dmz1_host IP address.
B.
If the remote user can not connect to dmz1_host using the 192.168.1.4, the administrator should check the remote user’s PC configuration.
C.
The administrator should enable Inter-interface routing.
D.
The administrator should select “enable traffic through the firewall without address translation” checkbox.
Explanation:
Configuring Inter-Interface Communication
Allowing communication between same security interfaces provides the following benefits:
You want protection features to be applied equally for traffic between two interfaces; for example, you have two departments that are equally secure.
For different security level interfaces, many protection features apply only in one direction, for example, inspection engines, TCP intercept, and connection limits. If you enable same security interface communication, you can still configure interfaces at different security levels as usual.
FWSM/contexta(config)# same-security-traffic permit inter-interface