Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
504
Views
0
Helpful
2
Replies

Same Interface Routing

dbobeldyk
Level 1
Level 1

‎11-07-2007 06:37 AM - edited ‎03-09-2019 07:16 PM

Is there an option to turn on same interface routing?

For example, web server A and B are on a subnet behind an ASA using private addressing. Web Server A resolve B's domain name to it's public address ( I realize a host file could be used here, but given the number of servers, I'd rather not). However, since the ASA doesn't support same interface routing, the traffic from A never gets to B.

I thought I recall seeing somewhere that there was a command to enable this, but perhaps I'm confusing it with the same-security routing command.

Labels:
0 Helpful
2 Replies 2

dbobeldyk
Level 1
Level 1

‎11-07-2007 06:45 AM

Found it:

same-security-traffic

To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode. To disable the same-security traffic, use the no form of this command.

same-security-traffic permit {inter-interface | intra-interface}

no same-security-traffic permit {inter-interface | intra-interface}

Syntax Description

inter-interface

Permits communication between different interfaces that have the same security level.

intra-interface

Permits communication in and out of the same interface.

Defaults

This command is disabled by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode Firewall Mode Security Context

Routed Transparent Single Multiple

Context System

Global configuration

•

•

•

•

-

Command History

Release Modification

7.0(1)

This command was introduced.

7.2(1)

The intra-interface keyword now allows all traffic to enter and exit the same interface, and not just IPSec traffic

0 Helpful

jpl861
Level 4
Level 4

‎11-07-2007 06:49 AM

Hi,

Is this what you are talking about? You can try this one too.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Regards,

John

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents