ASA and same-security-traffic permit inter-interface

Unanswered Question
Apr 12th, 2009

I have the same security interfaces:

interface Ethernet0/0
 nameif dmzlan
 security-level 40
 ip address 192.168.164.56 255.255.252.0
!
interface Ethernet0/3
 nameif dmzinet
 security-level 40
 ip address 213.182.168.1 255.255.255.0

And I used "no same-security-traffic permit inter-interface".

But with this setting, ACLs with "permit" don't work between these interfaces.

Can I allow some traffic between these interfaces using ACLs?

============

Or is the only way to do it to use "same-security-traffic permit inter-interface" and use ACLs with a deny as the last line of each ACL chain?

vikram_anumukonda Mon, 04/13/2009 - 04:27

"the only way to make it is to use 'same-security-traffic permit inter-interface' and use acls with deny last line of each acl chain" - that's the answer.
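
The configuration the answer describes, written out for the two interfaces in the question as an added example (not part of the original thread). The ACL names, the hosts 213.182.168.10 and 192.168.164.25, and the permitted services are constructed for illustration.

```cisco
! Added example: ACL names, host addresses and services are assumptions.
! Allow traffic between interfaces that share a security level.
same-security-traffic permit inter-interface
!
! Traffic entering dmzlan: permit HTTP to one dmzinet host only,
! then deny explicitly so dropped flows show up in the hit counters.
access-list dmzlan_in extended permit tcp 192.168.164.0 255.255.252.0 host 213.182.168.10 eq www
access-list dmzlan_in extended deny ip any any
access-group dmzlan_in in interface dmzlan
!
! Traffic entering dmzinet: permit SMTP from that host to one dmzlan server,
! then deny everything else.
access-list dmzinet_in extended permit tcp host 213.182.168.10 host 192.168.164.25 eq smtp
access-list dmzinet_in extended deny ip any any
access-group dmzinet_in in interface dmzinet
!
! Replies for permitted connections pass statefully; no mirror permit is needed.
! Each bound ACL filters ALL traffic entering its interface, so the final
! deny also blocks flows from that interface to every other interface.
```

Use "show access-list dmzlan_in" to read the per-line hit counts and confirm which entries are matching.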
