[NEWBIE ] - Cisco ASA 5515 - traffic issue

cbuschini · ‎08-14-2013

Hi all,

I have an issue with a new ASA.

I have enable 2 interfaces :

--------------------

interface GigabitEthernet0/0
nameif LAN

security-level 0
ip address 192.168.1.6 255.255.255.0
!
interface GigabitEthernet0/1
nameif DMZ
security-level 0
ip address 192.168.2.1 255.255.255.0

--------------------

My issue is I cannot ping a interface from the other and so traffic does not go througt.

Interfaces have the same security level and same-security has been permitted on inter-interface.

Any could help me ?

Thanks

John Blakley · ‎08-14-2013

For same security levels, you'll need to enter the command "same-security-traffic inter-interface". If you're using ASDM to configure, I'm not sure where this setting is. I don't believe you're going to be able to ping one interface from another even though they're the same security level.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

cadet alain · ‎08-14-2013

Hi,

You can't ping an ASA interface from another interface and this behaviour can not be modified.

to test transit traffic you'll have to ping from one host in one subnet to one host in the other subnet.

Regards

Alain

Don't forget to rate helpful posts.

cbuschini · ‎08-14-2013

Hi all,

Thanks for your two answers.

Let's try this tes then

I don't need any static routes that correct. Just correct ACLs are enough !!

cadet alain · ‎08-14-2013

Hi,

these 2 subnets are connected subnets so no need for any static route. No need for ACLs either, just inspect icmp( the older command fixup protocol icmp should do it for you).

Regards

Alain

Don't forget to rate helpful posts.