ASA5510 9.1 same-security-traffic

Hi everyone,

Is there still the same problem with communication between two subinterfaces on the same security level? Please see part of the configuration below.

I have two VLANs, 40 and 60, on the switch. One uplink is connected from the switch to FW interface ethernet0/3. I need to allow communication between these two VLANs, but even though I have configured same-security-traffic permit inter-interface and same-security-traffic permit intra-interface, it does not work.

Do I need to configure static NAT for these two subnets, or should it work without any additional configuration?

interface Ethernet0/3
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3.40
 description DMZ-40
 vlan 40
 nameif DMZ-40
 security-level 50
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/3.60
 description DMZ-60
 vlan 60
 nameif DMZ-60
 security-level 50
 ip address 192.168.2.254 255.255.255.0
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

Thanks for advice.

Jan

2 REPLIES
Super Bronze

ASA5510 9.1 same-security-traffic

Hi,

I would start testing with "packet-tracer":

packet-tracer input DMZ-60 tcp 192.168.2.100 12345 192.168.1.100 80

Or use some other IP addresses or ports. Naturally if you are connecting in the other direction then use the other interface as the "input" interface.

This should show us if the problem is on the ASA.

- Jouni

Bronze

ASA5510 9.1 same-security-traffic

Hi Jouni,

Thanks for the tip. I completely forgot about packet-tracer :-) From packet-tracer it seems that it works perfectly. So tomorrow I will ask the administrator what his problem is again, because his attempt from the computer fails.

Sorry for the stupid question and thanks for the quick advice :-)

Jan
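As an added example (not part of the original thread and not Cisco tooling), the Python sketch below audits an ASA running-config for pairs of named interfaces that share a security level and reports whether `same-security-traffic permit inter-interface` is present, since the ASA drops traffic between such interfaces when that command is absent. The function names are hypothetical and the sample configuration is constructed from the lines posted in the question.

```python
import re
from itertools import combinations

# Constructed sample: the relevant lines of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface Ethernet0/3
 no nameif
 no security-level
!
interface Ethernet0/3.40
 vlan 40
 nameif DMZ-40
 security-level 50
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/3.60
 vlan 60
 nameif DMZ-60
 security-level 50
 ip address 192.168.2.254 255.255.255.0
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
"""

def parse_interfaces(config):
    """Return {nameif: security_level} for stanzas that set both explicitly."""
    levels, name, level = {}, None, None
    for raw in config.splitlines() + ["!"]:
        line = raw.strip()
        if line == "!" or line.startswith("interface "):
            # A new stanza or separator closes the previous interface stanza.
            if name is not None and level is not None:
                levels[name] = level
            name = level = None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"security-level (\d+)", line):
            level = int(m.group(1))
    return levels

def same_level_report(config):
    """Return (if_a, if_b, level, inter_interface_permitted) for each same-level pair."""
    levels = parse_interfaces(config)
    permitted = re.search(
        r"^same-security-traffic permit inter-interface\s*$", config, re.M) is not None
    return [(a, b, levels[a], permitted)
            for a, b in combinations(sorted(levels), 2) if levels[a] == levels[b]]

if __name__ == "__main__":
    for a, b, lvl, ok in same_level_report(SAMPLE_CONFIG):
        print(f"{a} <-> {b} (level {lvl}): {'permitted' if ok else 'dropped'}")
```

The check covers only the same-security-level rule; interface ACLs and NAT rules are still evaluated separately, which is what the `packet-tracer` run suggested above verifies on the device itself.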
