Interfaces with same security

Dec 30th, 2007
I am using an ASA 5520 with IOS 7.2(3). I have assigned all interfaces to security level 0. I have configured access lists to permit traffic through the interfaces, but all traffic is denied. When I allow traffic between interfaces with the same security level, it ignores the access-list and allows all traffic. I have also disabled NAT. Can anyone help me with this? It seems I am missing some small configuration detail.

JORGE RODRIGUEZ Sun, 12/30/2007 - 11:46
Hi, I'm not clear from your post on what you are trying to accomplish. I think it is important to understand same security level on interfaces and traffic between them, to determine what you really need to accomplish.

Same security level interfaces will require ACLs to communicate with one another; this is in the event that the firewall does not have the same-security-traffic permit inter-interface statement. On the other hand, if you do not want this effect and want to allow traffic to flow between same security level interfaces without an access-list, then the above statement must be configured in ASA global configuration.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1289167

Rgds

Jorge

srue Sun, 12/30/2007 - 21:06
Sounds like the OP is new to 'security-levels'. If that's the case, just accept the defaults, at least for the inside and outside interfaces, of 100 and 0, respectively. DMZs can fall anywhere in between 0-100, inclusive, depending on your needs.

To go from a lower to a higher security level (0 to 100, for example) requires the use of ACLs.

Interfaces of the same security level either use ACLs or permit all, depending on the 'same-security...' command.
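The following ASA 7.2 configuration fragment is an added example, not configuration posted by anyone in this thread. It shows the two situations the replies describe side by side: two interfaces at security level 0 with an ACL bound to one of them, and the global same-security-traffic permit inter-interface command. Interface names, addresses and the port number are assumed. One detail worth checking in a setup like the OP's: an access-list only takes effect once it is bound to an interface with access-group, and an ACL bound that way is still enforced after the same-security-traffic command is added; the global command only changes the implicit default for traffic that no interface ACL covers.

```cisco
! Added example (not from the original posts). Names, addresses and ports are assumed.
interface GigabitEthernet0/1
 nameif dmz1
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz2
 security-level 0
 ip address 10.2.2.1 255.255.255.0
!
! Situation 1: no same-security-traffic command. dmz1 <-> dmz2 traffic is
! dropped unless an ACL applied to the ingress interface permits it.
! The access-group line is what makes the ACL take effect; an ACL that is
! defined but never bound filters nothing.
access-list DMZ1_IN extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq 443
access-list DMZ1_IN extended deny ip any any log
access-group DMZ1_IN in interface dmz1
!
! Situation 2: permit all traffic between same-security interfaces by default.
! DMZ1_IN above still applies to traffic entering dmz1, because an interface
! ACL is evaluated regardless of security levels; only interfaces without a
! bound ACL get the new permit-all default.
same-security-traffic permit inter-interface
!
! Verification (privileged EXEC, not configuration):
!   show running-config access-group     - confirms the ACL is actually bound
!   show access-list DMZ1_IN             - hit counts show whether lines match
!   packet-tracer input dmz1 tcp 10.1.1.5 12345 10.2.2.5 443
!     walks one flow through the interface ACL and the security-level check
```

The deny-with-log line at the end of the ACL is optional; it duplicates the implicit deny but makes dropped dmz1-to-dmz2 attempts visible in syslog, which is the quickest way to tell "ACL bound but not matching" from "ACL never bound".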
