Same Interface Routing

Unanswered Question
Nov 7th, 2007

Is there an option to turn on same interface routing?

For example, web server A and B are on a subnet behind an ASA using private addressing. Web Server A resolve B's domain name to it's public address ( I realize a host file could be used here, but given the number of servers, I'd rather not). However, since the ASA doesn't support same interface routing, the traffic from A never gets to B.

I thought I recall seeing somewhere that there was a command to enable this, but perhaps I'm confusing it with the same-security routing command.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dbobeldyk Wed, 11/07/2007 - 06:45

Found it:


To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode. To disable the same-security traffic, use the no form of this command.

same-security-traffic permit {inter-interface | intra-interface}

no same-security-traffic permit {inter-interface | intra-interface}

Syntax Description


Permits communication between different interfaces that have the same security level.


Permits communication in and out of the same interface.


This command is disabled by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode Firewall Mode Security Context

Routed Transparent Single Multiple

Context System

Global configuration






Command History

Release Modification


This command was introduced.


The intra-interface keyword now allows all traffic to enter and exit the same interface, and not just IPSec traffic


This Discussion