Cisco Support Community

New Member

two firewall with same security level



My topology is:

 ISP 1                 ISP 2
   |                     |
Firewall 1 -------- Firewall 2
   |                     |
   |____  L3 Switch  ____|


Both firewalls are connected back to back on their DMZ interfaces, with the same security level (60).


Both firewalls run OSPF, and the default route is injected by Firewall 1 to Firewall 2 (DMZ interface) and the L3 switch, which is all fine. I can see the OSPF routes, but when I try to ping the outside world from Firewall 2 through Firewall 1 on the DMZ interface I can't seem to get a response, although from the L3 switch I can ping the outside world?


I have tried adding "same-security-traffic permit inter-interface" (or something similar) on both interfaces of the firewall, but no joy. Any thoughts please?


Hall of Fame Super Blue


I don't think it is a same-security issue as these are separate firewalls.

Are the DMZ interfaces using private addressing and, if so, have you set up NAT for them when they go via the outside interface?


VIP Green


As Jon has mentioned, this is not a security level issue, and is most likely a NAT issue, or possibly a routing issue, though this is very unlikely.

Please post the running config (remove all passwords and public IPs) for both ASAs. Seeing the configuration will help us identify where the problem might be.



Please remember to rate and select a correct answer

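To make the two replies above concrete, here is an added configuration sketch for Firewall 1 (it is not from the thread and not the poster's config). It assumes ASA 8.3+ object NAT syntax, an interface named "dmz" on 10.10.10.0/24 with Firewall 2 at 10.10.10.2, an outside interface named "outside", and 8.8.8.8 as an arbitrary outside test address; all of those are placeholders. It shows why the same-security command is irrelevant here, the NAT entry that is typically missing for a back-to-back DMZ, the ICMP inspection caveat that makes pings fail even when NAT is right, and the checks to run before posting a full config.

```text
! Firewall 1 (assumed ASA 8.3+ syntax; interface names and addresses are placeholders)
!
! The back-to-back link to Firewall 2. Security level 60 on both ends only
! matters for traffic between two interfaces of the SAME ASA, so
! "same-security-traffic permit inter-interface" does nothing for this path.
interface GigabitEthernet0/2
 nameif dmz
 security-level 60
 ip address 10.10.10.1 255.255.255.0
!
! Typical cause of the symptom in the thread: the inside network has a
! translation to the outside, but the DMZ subnet does not, so packets
! sourced from Firewall 2's DMZ address (10.10.10.2) leave with a private
! source address (or are dropped) and no reply ever returns.
!
! Fix: give the DMZ subnet the same PAT to the outside address that the
! inside network already has.
object network DMZ-NET
 subnet 10.10.10.0 255.255.255.0
 nat (dmz,outside) dynamic interface
!
! Caveat: ICMP is not tracked by the ASA unless icmp inspection is enabled,
! so the echo-reply arriving on "outside" is dropped even when NAT is right.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Checks to run on Firewall 1 (assumed placeholder addresses):
! 1) Simulate Firewall 2's ping and read each phase (ROUTE-LOOKUP, NAT, ACCESS-LIST):
!      packet-tracer input dmz icmp 10.10.10.2 8 0 8.8.8.8 detailed
! 2) Confirm a translation exists for the DMZ subnet and is being built:
!      show nat
!      show xlate
! 3) Confirm the default route really points out of "outside":
!      show route
```

The packet-tracer output is the quickest way to settle the NAT-versus-routing question the second reply raises: a drop in the NAT phase means the DMZ-NET rule (or its pre-8.3 equivalent) is missing, a drop in ROUTE-LOOKUP means the default route is wrong, and a successful trace followed by a real ping that still fails usually points at the missing icmp inspection.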