08-20-2008 11:33 AM - edited 03-11-2019 06:33 AM
Hi, can I block the traffic between the same ports of the ASA? For example, the ASA 5505 has 8 ports; the Ethernet ports from 1 to 7 are for the inside VLAN, and I want to know if I can filter traffic using an ACL between Ethernet ports 1 and 2, for example. If so, how can I do that?
Ethernet port 0 is for the outside interface.
Thanks
08-20-2008 07:02 PM
Just put an ACL on both interfaces to block the traffic.
But make sure you permit the rest :)
You can also assign them the same security levels and not permit "same-security-traffic permit inter-interface".
Regards
Farrukh
08-20-2008 07:02 PM
By default, interfaces with the same security level cannot communicate with one another.
To allow communication between interfaces of the same security level, use the command "same-security-traffic permit inter-interface".
You can also use an ACL, something like this:
access-list one2two permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-group one2two in interface inside
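
The two approaches from the replies above, put together as an added configuration example for an ASA 5505 (not from either poster). VLAN 12, the interface name inside2 and the gateway addresses are assumptions; the subnets and the ACL name one2two follow the reply above.

```cisco
! Constructed example; VLAN 12, "inside2" and the .1 addresses are assumptions.
! Ports that share a VLAN are switched in hardware and never reach the
! firewall's ACLs, so the two ports are placed in separate VLANs first.
! (How many VLAN interfaces are available depends on the license.)
interface Ethernet0/1
 switchport access vlan 1
interface Ethernet0/2
 switchport access vlan 12
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
interface Vlan12
 nameif inside2
 security-level 100
 ip address 10.2.2.1 255.255.255.0
!
! Option A: equal security levels with inter-interface traffic left at its
! default (blocked). Shown explicitly here so the intent is visible.
no same-security-traffic permit inter-interface
!
! Option B: allow same-level traffic, then filter it with an ACL.
! Deny the unwanted flow first and permit the rest, because every ACL
! ends in an implicit deny.
! same-security-traffic permit inter-interface
! access-list one2two deny ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! access-list one2two permit ip any any
! access-group one2two in interface inside
!
! Option C: keep both ports in one VLAN and enter "switchport protected"
! under each Ethernet port; protected ports on the same VLAN cannot
! talk to each other.
```

After applying, `show switch vlan` and `show access-list one2two` confirm the port-to-VLAN mapping and the ACL hit counts.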