same-security-traffic - clarification

Hello,

I just want to clarify: if I use "same-security-traffic permit inter-interface" to allow communication between 2 subnets, does this traffic get inspected by the ASA?

For example, I have:

interface Ethernet0/0
 duplex full
 no nameif
 security-level 100
 no ip address
!
interface Ethernet0/0.1
 description Management VLAN
 vlan 1
 nameif MGMT
 security-level 100
 ip address 10.150.10.1 255.255.255.0
!
interface Ethernet0/0.2
 description Server VLAN
 vlan 2
 nameif ftp
 security-level 100
 ip address 10.150.20.1 255.255.255.0

So is the traffic between VLAN 1 and 2 inspected by the ASA?

1 REPLY

Re: same-security-traffic - clarification

Passing traffic (VLAN 1 to VLAN 2 or vice versa) will still be subjected to stateful inspection, as this is the basic operation rule of PIX/ASA.

The only difference is that you do not need address translation, and it permits/allows traffic from interfaces with the same security level. This feature was not available in certain old 6.x code.

HTH

AK
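
An added example, not part of the original thread and not Cisco code: a small Python check that parses an ASA configuration, lists which named interfaces share a security level, and reports whether "same-security-traffic permit inter-interface" is present. The sample configuration is constructed from the one in the question, and the function names are hypothetical.

```python
import re
from itertools import combinations

CMD = "same-security-traffic permit inter-interface"
# Constructed sample, modelled on the configuration in the question above.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 no nameif
 security-level 100
!
interface Ethernet0/0.1
 vlan 1
 nameif MGMT
 security-level 100
 ip address 10.150.10.1 255.255.255.0
!
interface Ethernet0/0.2
 vlan 2
 nameif ftp
 security-level 100
 ip address 10.150.20.1 255.255.255.0
!
same-security-traffic permit inter-interface
"""

def parse_interfaces(config):
    """Return {nameif: security_level}; interfaces with 'no nameif' are skipped."""
    named, name, level = {}, None, None
    for line in config.splitlines() + ["!"]:  # sentinel flushes the last block
        line = line.strip()
        if line.startswith("interface ") or line == "!":
            if name is not None and level is not None:
                named[name] = level
            name, level = None, None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"security-level (\d+)", line):
            level = int(m.group(1))
    return named

def same_level_pairs(config):
    """Return (command_present, [(if_a, if_b, level), ...]) for equal-level pairs."""
    permitted = CMD in map(str.strip, config.splitlines())
    named = parse_interfaces(config)
    pairs = [(a, b, named[a]) for a, b in combinations(sorted(named), 2)
             if named[a] == named[b]]
    return permitted, pairs

if __name__ == "__main__":
    print(same_level_pairs(SAMPLE_CONFIG))
```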
