Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need access to different subnets

We have a network in another state with subnet, and

I am trying to allow them to talk to the network we setup with the ASA device.

I am unable to get the subnet to talk to the, and subnets.

I added one other interface to the ASA device and plugged it in but we are receiving no packets on ethernet 0/2

Please let me know how we can get it to work properly.

Below is the config file:

hostname xxxx

enable password xxxxxxxxxxx





interface Ethernet0/0

speed 100

duplex full

nameif outside

security-level 0

ip address 192.168.1.xx


interface Ethernet0/1

speed 100

duplex full

nameif inside

security-level 100

ip address 10.10.11.xx


interface Ethernet0/2

speed 100

duplex full

nameif PA

security-level 100

ip address


interface Ethernet0/3


no nameif

no security-level

no ip address


interface Management0/0


no nameif

no security-level

no ip address



passwd 5wyJZrN0zZZDiHA6 encrypted

ftp mode passive

access-list outside_in extended permit icmp any any echo-reply

access-list outside_in extended permit ip any any

pager lines 24

mtu outside 1500

mtu inside 1500

mtu PA 1500

no failover

no asdm history enable

arp timeout 14400

static (inside,outside) netmask

access-group outside_in in interface outside

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh outside

ssh timeout 60

console timeout 0


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global



Re: Need access to different subnets

Since the interfaces are the same security level(100) you need

same-security-traffic permit inter-interface

Please rate if this helps.

New Member

Re: Need access to different subnets

Thanks. All need to do is enter this command and the traffic will be allowed?


Re: Need access to different subnets

Since the security levels are the same there is no need for access lists.

New Member

Re: Need access to different subnets

Thanks I'll add that line when I get to the office.

CreatePlease to create content