11-07-2007 06:37 AM - edited 03-09-2019 07:16 PM
Is there an option to turn on same interface routing?
For example, web server A and B are on a subnet behind an ASA using private addressing. Web Server A resolve B's domain name to it's public address ( I realize a host file could be used here, but given the number of servers, I'd rather not). However, since the ASA doesn't support same interface routing, the traffic from A never gets to B.
I thought I recall seeing somewhere that there was a command to enable this, but perhaps I'm confusing it with the same-security routing command.
11-07-2007 06:45 AM
Found it:
same-security-traffic
To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode. To disable the same-security traffic, use the no form of this command.
same-security-traffic permit {inter-interface | intra-interface}
no same-security-traffic permit {inter-interface | intra-interface}
Syntax Description
inter-interface
Permits communication between different interfaces that have the same security level.
intra-interface
Permits communication in and out of the same interface.
Defaults
This command is disabled by default.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode Firewall Mode Security Context
Routed Transparent Single Multiple
Context System
Global configuration
â¢
â¢
â¢
â¢
-
Command History
Release Modification
7.0(1)
This command was introduced.
7.2(1)
The intra-interface keyword now allows all traffic to enter and exit the same interface, and not just IPSec traffic
11-07-2007 06:49 AM
Hi,
Is this what you are talking about? You can try this one too.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
Regards,
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: