Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510 Interface Communication Help Needed

I need some help in establishing communication between my “inside” interface and a third interface called “test” on an ASA 5510. This third interface called “test” is connected to a WatchGuard Firebox which is acting as a VPN device and has an IP address of I have three interfaces setup on the ASA in the following fashion:

interface Ethernet0/0

nameif outside

security-level 0

ip address

interface Ethernet0/1

nameif inside

security-level 100

ip address

interface Ethernet0/2

nameif test

security-level 0

ip address

The inside interface is able to communicate with the Internet because of this:

nat (inside) 1

global (outside) 1 interface

route outside 1

Can someone please help with the commands which will allow communication from the inside interface to the test interface? No matter what I have tried, it does not work. I can provide any additional information which is required.

  • Firewalling
Hall of Fame Super Silver

ASA 5510 Interface Communication Help Needed

You inside hosts should be able to communicate with hosts on the test interface network ( by virtue of the implicit rule allowing communication from higher to lower security level. (That would be assuming no more restrictive access-list is in place.)

Depending on how you want things to work, you may also need a global (test) statement to nat traffic out the test interface or nat exempt statement. The latter would look something like:

access-list EXEMPT permit ip any

nat (test) 0 access-list EXEMPT

This widget could not be displayed.