Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to enable same security level interfaces to communicate with each other in v8.4

Hi All,

I have ASA 5585 with SSP20. I want to enable same security level subinterfaces (routed mode) to communicate with each other. 

I have put below command at global level but somehow it is not happening.

hostname(config)# same-security-traffic permit inter-interface

Do I also need to check for NATing or some other things apart from above command? If we have any examples which I can go through it would be a great help.

Thanks

Krutarth

2 REPLIES
Super Bronze

How to enable same security level interfaces to communicate with

Hi,

That should be the command you need.

I'm not 100% sure if you still need access-lists on the interface (Since I always make access-list for interface even though if everything was allowed through it)

You shouldnt need any NAT configurations between the interface (unless you want ofcourse)

- Jouni

How to enable same security level interfaces to communicate with

Hi Bro

Can you paste your latest FW configuration here, so that we can help you. This is a very easy simple problem.

If you ask me, since you already have the  "same-security-traffic permit inter-interface" command and all the sub-interfaces have the same security level in place, the only pending item here when it comes to verifying your configuration are;

a) to ensure ACLs are in placed with regards to all nameif/subinterfaces.

b) to ensure no NAT and no nat-control command are in place.

c) to verify the statistics in show asp drop command.

d) to ensure workstations in each of the subinterfaces have the proper default-gateway/routing.

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
621
Views
0
Helpful
2
Replies
CreatePlease to create content