
Security levels on ASA

Andy White
Level 3

Hello,

I'm trying to allow traffic between 2 VLANs/sub interfaces on my ASA; they both have their security level set at 25. At the moment I can't even ping devices between the 2 and my access lists are wide open. I raised one of the security groups to 35 and everything seemed to work.

I'm left a little confused: if security levels are the same, are they untrusted? Whatever I did on the access list side (to open it up) seemed to be ignored.

3 Replies

johnbroadway
Level 1

Hi,

Have you tried enabling the same level intra-interface communications? Here's a link all about it:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

hostname(config)# same-security-traffic permit inter-interface

Regards

John

Thanks John,

Is this commonly enabled by most? I set both these sub interfaces to the same as they sort of need resources from each other; having the same security set like you mention is a good idea in my eyes.

It is a fairly new option (I think since V7 ish) for your sort of instance.

If both interfaces require resources from the other then it seems a reasonable approach to me.

John
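
An added example, not part of any post in this thread: a small Python check that reads an ASA running-config, lists interfaces that share a security level (the situation in the question), and reports whether the `same-security-traffic permit inter-interface` command from the reply is present. The sample config, interface names and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample running-config; interface names and VLAN ids are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1.10
 vlan 10
 nameif users
 security-level 25
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif servers
 security-level 25
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
"""

def parse_interfaces(config):
    """Return {nameif: security-level} for each named interface block."""
    levels, name, level = {}, None, None
    for line in config.splitlines() + ["!"]:  # sentinel flushes the last block
        if not line.startswith(" "):          # top-level line closes a block
            if name is not None and level is not None:
                levels[name] = level
            name = level = None
        elif m := re.match(r" nameif (\S+)", line):
            name = m.group(1)
        elif m := re.match(r" security-level (\d+)", line):
            level = int(m.group(1))
    return levels

def audit(config):
    """Return (pairs of interfaces sharing a level, whether the command is set)."""
    by_level = defaultdict(list)
    for name, level in parse_interfaces(config).items():
        by_level[level].append(name)
    pairs = [(lvl, a, b) for lvl, names in sorted(by_level.items())
             for a, b in combinations(sorted(names), 2)]
    enabled = re.search(r"^same-security-traffic permit inter-interface\s*$",
                        config, re.M) is not None
    return pairs, enabled

if __name__ == "__main__":
    pairs, enabled = audit(SAMPLE_CONFIG)
    for lvl, a, b in pairs:
        print(f"level {lvl}: {a} <-> {b}, inter-interface permit set: {enabled}")
```
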
