08-20-2008 11:33 AM - edited 03-11-2019 06:33 AM
Hi, can I block the traffic between the same ports of the ASA? For example, the ASA 5505 has 8 ports; Ethernet ports 1 to 7 are for the inside VLAN, and I want to know if I can filter traffic using an ACL between Ethernet ports 1 and 2, for example. If so, how can I do that?
Ethernet port 0 is for the outside interface.
Thanks
08-20-2008 07:02 PM
Just put an ACL on both interfaces to block the traffic.
But make sure you permit the rest :)
You can also assign them the same security levels and not permit "same-security-traffic permit inter-interface".
Regards
Farrukh
08-20-2008 07:02 PM
By default, interfaces with the same security level cannot communicate with one another.
To allow communication between interfaces of the same security level, use the command "same-security-traffic permit inter-interface".
You can also use an ACL, something like this:
access-list one2two permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-group one2two in interface inside
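
The two suggestions from the replies above, combined into one ASA 5505 configuration sketch (an added example, not part of the original posts). Switch ports in the same VLAN are switched in hardware and never reach the ACL engine, so the example assumes ports 1 and 2 are moved into separate VLANs; the VLAN IDs, interface names, ACL names and host addresses are assumptions, and the subnets reuse those from the reply.

```cisco
! Added example. VLAN IDs, nameifs, ACL names and addresses are assumptions.
! Assumes the license allows a third VLAN without forwarding restrictions.
interface Ethernet0/1
 switchport access vlan 1
interface Ethernet0/2
 switchport access vlan 3
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
interface Vlan3
 nameif inside2
 security-level 100
 ip address 10.2.2.1 255.255.255.0
!
! Option 1: same security level, inter-interface traffic left disabled (default).
no same-security-traffic permit inter-interface
!
! Option 2: ACL on both interfaces. Deny the peer subnet, then permit the rest;
! without the final permit the implicit deny also drops outbound traffic.
access-list inside_in extended deny ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_in extended permit ip any any
access-group inside_in in interface inside
access-list inside2_in extended deny ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list inside2_in extended permit ip any any
access-group inside2_in in interface inside2
!
! Check from exec mode (constructed host addresses); the result should be DROP:
! packet-tracer input inside icmp 10.1.1.10 8 0 10.2.2.10
```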