I am a little bit confused. By default, IP traffic is allowed from a higher to a lower security level. I have just configured the interfaces with security level, name and IP address, and no shutdown. Will the traffic pass through the ASA or not? No NAT, ACL or routes are configured.
I am not sure I understand your question correctly. Do you mean that you have configured the interfaces and traffic is not passing?
If you configure one interface with security level 100 and another with a security level lower than 100 (let's say 0 for simplicity) then, as of version 8.3, traffic will pass through the ASA from the higher security level to the lower security level without the need for further configuration. That is assuming that the lower security level interface is not connected to the internet, where the private IP address range is not routable. In this case traffic will pass through the ASA; you will just not get any return traffic.
Prior to 8.2 you had to configure a NAT statement or issue the no nat-control command in order for traffic to be allowed through the ASA but as of 8.2 that feature was disabled by default and in 8.3 (or perhaps 8.4) it was removed completely.
If you add an ACL to the ASA interface then the security levels have nothing to say in the way traffic flows. The security levels only come into play if there are no ACLs configured on the interface.
-- Please remember to rate and select a correct answer
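The setup from the question, with a way to check it and an explicit policy to replace the implicit higher-to-lower permit. This is an added example, not part of the original thread; the interface numbers, addresses and the ACL name INSIDE_IN are constructed for illustration, and both test hosts are assumed to be directly connected so no routes are needed.

```cisco
! Constructed values throughout: adjust interfaces and addresses to your topology.
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Verification, run from privileged EXEC before any ACL is applied.
! packet-tracer simulates a new connection and reports the result
! (allow or drop) and the phase that decided it.
!
! Higher (100) to lower (0): expected to be allowed by the implicit rule.
packet-tracer input inside tcp 192.168.10.10 12345 192.168.20.10 80
!
! Lower (0) to higher (100): expected to be dropped without an ACL.
packet-tracer input outside tcp 192.168.20.10 12345 192.168.10.10 80
!
! Least-privilege alternative: once an ACL is applied inbound on the
! inside interface, it decides what leaves that network instead of
! the security levels. Only one web server is reachable here, and
! everything else is denied and logged.
access-list INSIDE_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 80
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! Re-run the first packet-tracer with a different destination port to
! confirm the ACL, not the security level, now decides the outcome.
packet-tracer input inside tcp 192.168.10.10 12345 192.168.20.10 22
```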