I'm using a FWSM with static NAT. I have an outside interface connected to the internet. I have an inside interface with security level 100. I added a second interface with a security level of 100.
With an ACL I'm not able to allow traffic to pass from one inside interface to another. I enabled 'same-security-traffic' between same security level interfaces.
Is there no means to allow traffic via ACLs between these interfaces? If I have to use same-security-traffic, then do I need to use deny ACLs to restrict unwanted traffic?
I need to add a DMZ interface. I planned to assign a security for the DMZ somewhere between 0 and 100. Will I be able to use ACLs to allow some traffic from the inside interface to the DMZ? I hope so. If that is the case, maybe I should give the inside interface a level of 100 and all others less than 100 to avoid the same-security-traffic command.