Need access to different subnets

Unanswered Question

We have a network in another state with subnet, and

I am trying to allow them to talk to the network we setup with the ASA device.

I am unable to get the subnet to talk to the, and subnets.

I added one other interface to the ASA device and plugged it in but we are receiving no packets on ethernet 0/2

Please let me know how we can get it to work properly.

Below is the config file:

hostname xxxx

enable password xxxxxxxxxxx





interface Ethernet0/0

speed 100

duplex full

nameif outside

security-level 0

ip address 192.168.1.xx


interface Ethernet0/1

speed 100

duplex full

nameif inside

security-level 100

ip address 10.10.11.xx


interface Ethernet0/2

speed 100

duplex full

nameif PA

security-level 100

ip address


interface Ethernet0/3


no nameif

no security-level

no ip address


interface Management0/0


no nameif

no security-level

no ip address



passwd 5wyJZrN0zZZDiHA6 encrypted

ftp mode passive

access-list outside_in extended permit icmp any any echo-reply

access-list outside_in extended permit ip any any

pager lines 24

mtu outside 1500

mtu inside 1500

mtu PA 1500

no failover

no asdm history enable

arp timeout 14400

static (inside,outside) netmask

access-group outside_in in interface outside

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh outside

ssh timeout 60

console timeout 0


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Fri, 06/08/2007 - 11:34

Since the interfaces are the same security level(100) you need

same-security-traffic permit inter-interface

Please rate if this helps.


This Discussion