ASA and VLANs, same security level

rcordeiro
Level 1

Hi all,

2 ASA5520 (active/standby). I have 10 VLANs, all with the same security level (100); they are all internal networks. I want them to talk to each other without NAT, but I'm getting a strange behaviour. I have a NAT dynamic so they can get to the Internet and a NAT EXEMPT when the traffic needs to go to the other VLANs. The strange thing is that I have "SYN Timeout" to some machines on TCP traffic, but I always have ICMP connectivity. Accessing from one VLAN to the other can give me access to one machine without problem and no TCP connections to another on the same VLAN.

Any advice?

Regards

2 Replies

rob.stoop
Level 1

Have you also configured same-security traffic?

same-security-traffic permit inter-interface

Hi,

Yes, I have enabled inter-interface traffic and for some machines it works but not for others (only on TCP traffic) because with ICMP it always works.

Regards
