ASA and VLANs, same security level

Unanswered Question
Jul 19th, 2009

Hi all,

2 ASA5520 (active/standby). I have 10 VLANs, all with the same security level (100); they are all internal networks. I want them to talk to each other without NAT, but I'm getting a strange behaviour. I have a dynamic NAT so they can get to the Internet and a NAT EXEMPT for when the traffic needs to go to the other VLANs. The strange thing is that I have "SYN Timeout" to some machines on TCP traffic, but I always have ICMP connectivity. Accessing from one VLAN to the other can give me access to one machine without a problem and no TCP connections to another on the same VLAN.

Any advice?


rob.stoop Tue, 07/21/2009 - 09:54

Have you also configured same-security traffic?

same-security-traffic permit inter-interface

rcordeiro Wed, 07/22/2009 - 05:38


Yes, I have enabled inter-interface traffic and for some machines it works but not for others (only on TCP traffic) because with ICMP it always works.


