08-14-2013 12:32 AM - edited 03-07-2019 02:55 PM
Hi all,
I have an issue with a new ASA.
I have enabled 2 interfaces:
--------------------
interface GigabitEthernet0/0
nameif LAN
security-level 0
ip address 192.168.1.6 255.255.255.0
!
interface GigabitEthernet0/1
nameif DMZ
security-level 0
ip address 192.168.2.1 255.255.255.0
--------------------
My issue is I cannot ping an interface from the other, and so traffic does not go through.
Interfaces have the same security level and same-security has been permitted on inter-interface.
Could anyone help me?
Thanks
08-14-2013 04:12 AM
For same security levels, you'll need to enter the command "same-security-traffic inter-interface". If you're using ASDM to configure, I'm not sure where this setting is. I don't believe you're going to be able to ping one interface from another even though they're the same security level.
HTH,
John
*** Please rate all useful posts ***
08-14-2013 04:15 AM
Hi,
You can't ping an ASA interface from another interface, and this behaviour cannot be modified.
To test transit traffic you'll have to ping from one host in one subnet to one host in the other subnet.
Regards
Alain
08-14-2013 04:36 AM
Hi all,
Thanks for your two answers.
Let's try this test then.
I don't need any static routes, is that correct? Just correct ACLs are enough!!
08-14-2013 05:22 AM
Hi,
These 2 subnets are connected subnets, so no need for any static route. No need for ACLs either, just inspect icmp (the older command fixup protocol icmp should do it for you).
Regards
Alain
Don't forget to rate helpful posts.
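The pieces discussed in this thread, put together as an added example (not part of any post above). It assumes the factory-default `global_policy` and `inspection_default` objects are still present and applied globally; the host addresses 192.168.1.10 and 192.168.2.10 are constructed for illustration.

```cisco
! --- configuration mode ---

! Permit traffic between interfaces that share a security level
! (LAN and DMZ are both security-level 0 in the original post).
same-security-traffic permit inter-interface

! Inspect ICMP so that echo replies are matched to the
! echo request that created the connection entry.
policy-map global_policy
 class inspection_default
  inspect icmp

! --- verification ---

! Confirm both settings are in the running configuration.
show running-config same-security-traffic
show running-config policy-map

! Simulate an echo request (type 8, code 0) from a LAN host to a DMZ host.
! This tests transit traffic through the ASA, not a ping to the far-side
! interface address (192.168.2.1), which the ASA does not answer.
packet-tracer input LAN icmp 192.168.1.10 8 0 192.168.2.10
```

The real test is still a ping between a host in 192.168.1.0/24 and a host in 192.168.2.0/24, each using the ASA interface in its own subnet as gateway.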