I am using an ASA5520 with IOS 7.2(3). I have assigned all interfaces to security level 0. I have configured access lists to permit traffic through the interfaces, but all traffic is denied. When I allow traffic between interfaces with the same security level, it ignores the access-list and allows all traffic. I have also disabled NAT. Can anyone help me with this? It seems I am missing some small configuration detail.
Hi, I'm not clear from your post what you are trying to accomplish. I think it is important to understand same security level on interfaces and the traffic between them to determine what you really need to accomplish.
Same security level interfaces will require ACLs to communicate with one another; this is in the event that the firewall does not have the same-security-traffic permit inter-interface statement. On the other hand, if you do not want this effect and want to allow traffic flow between same security level interfaces without an access-list, then the above statement must be configured in the ASA global configuration.
Sounds like the OP is new to 'security-levels'. If that's the case, just accept the defaults, at least for the inside and outside interfaces, of 100 and 0, respectively. DMZs can fall anywhere in between 0-100, inclusive, depending on your needs.
To go from a lower to a higher security level (0 to 100, for example) requires the use of ACLs.
Interfaces of the same security level either use ACLs or permit all depending on the 'same-security...' command.
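
The setup discussed in this thread, as an added configuration sketch that is not taken from any poster's device: two interfaces at security level 0, the same-security-traffic statement, and an ACL bound to one of them. Interface names, addresses and the ACL name DMZ1_IN are made up for illustration.

```cisco
! Constructed example: interface names, addresses and ACL name are illustrative.
interface GigabitEthernet0/1
 nameif dmz1
 security-level 0
 ip address 10.1.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 nameif dmz2
 security-level 0
 ip address 10.2.2.1 255.255.255.0
 no shutdown
!
! Without this statement, traffic between interfaces that share a
! security level is dropped.
same-security-traffic permit inter-interface
!
! Least-privilege rule for dmz1 -> dmz2: HTTP to a single host only.
! Every ACL ends with an implicit deny.
access-list DMZ1_IN extended permit tcp 10.1.1.0 255.255.255.0 host 10.2.2.10 eq www
!
! An access-list filters nothing until it is bound to an interface.
access-group DMZ1_IN in interface dmz1
!
! Confirm what is actually in the running configuration.
show running-config same-security-traffic
show running-config access-group
!
! Trace one flow the ACL should permit and one it should deny; the
! output names the phase (ACCESS-LIST, NAT, ...) that decides each packet.
packet-tracer input dmz1 tcp 10.1.1.10 1025 10.2.2.10 80 detailed
packet-tracer input dmz1 tcp 10.1.1.10 1025 10.2.2.10 23 detailed
```

Comparing the two packet-tracer results shows whether the bound ACL is being evaluated for same-security traffic on the running software version.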