Cisco Support Community

Interfaces with same security

I am using an ASA5520 with IOS 7.2(3). I have assigned all interfaces to security level 0. I have configured access lists to permit traffic through the interfaces, but all traffic is denied. When I allow traffic between interfaces with the same security level, it ignores the access-list and allows all traffic. I have also disabled NAT. Can anyone help me with this? It seems I am missing some small configuration detail.


Re: Interfaces with same security

Hi, I'm not clear on your post as to what you are trying to accomplish. I think it is important to understand same security level on interfaces and traffic between them to determine what you really need to accomplish.

Same security level interfaces will require ACLs to communicate with one another; this is in the event that the firewall does not have the same-security-traffic permit inter-interface statement. On the other hand, if you do not want this effect and want to allow traffic flow between same security level interfaces without an access-list, then the above statement must be configured in the ASA global configuration.




Re: Interfaces with same security

Sounds like the OP is new to 'security-levels'. If that's the case, just accept the defaults, at least for the inside and outside interfaces, of 100 and 0, respectively. DMZs can fall anywhere in between 0-100, inclusive, depending on your needs.

To go from a lower to a higher security level (0 to 100, for example) requires the use of ACLs.

Interfaces of the same security level either use ACLs or permit all depending on the 'same-security...' command.
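
A configuration sketch for the setup discussed in this thread, added here as an example and not posted by any participant: two interfaces at security level 0, `same-security-traffic permit inter-interface` enabled, and an ACL bound inbound with `access-group` so that it filters the traffic between them. Interface names, addresses and the ACL name are constructed, and NAT control is assumed to be off, as the original poster describes.

```cisco
! Constructed example: interface names, addresses and the ACL name are illustrative.
interface GigabitEthernet0/1
 nameif dmz1
 security-level 0
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz2
 security-level 0
 ip address 192.168.20.1 255.255.255.0
!
! Assumption: this is what "disabled NAT" means in the original post.
no nat-control
!
! Without this, traffic between the two level-0 interfaces is not forwarded.
same-security-traffic permit inter-interface
!
! Permit only HTTPS from the dmz1 subnet to one dmz2 host; log everything else.
access-list DMZ1_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 443
access-list DMZ1_IN extended deny ip any any log
!
! An access-list has no effect until it is bound to an interface.
access-group DMZ1_IN in interface dmz1
!
! Verification from privileged EXEC (these are not configuration commands):
!   show run access-group
!   show access-list DMZ1_IN
!   packet-tracer input dmz1 tcp 192.168.10.5 1025 192.168.20.10 443
!   packet-tracer input dmz1 tcp 192.168.10.5 1025 192.168.20.10 23
```

If `show run access-group` lists no entry for an interface, its ACL is not being evaluated. The hit counts in `show access-list` and the access-list phase of the two `packet-tracer` runs show which entry matched each flow.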
