Cisco Support Community
Community Member

ASA security level concept question

Hi all

Need some help regarding ACL configuration.

Let's say I have an ASA with 4 interfaces (A, B, C and outside; the security levels of A, B and C are equal, outside is lower).

All clients on networks A,B,C are allowed to connect to outside. In this case I don't need to configure an ACL as all traffic to less secure networks is allowed.

But what to do if I want to allow one host on interface A to connect to one host on interface B? Of course, I can add an ACE to interface A's inside ACL to allow that, but I will lose my implicit rule and connectivity to outside.

Is there a way to add an ACE on inside ACL for interface A allowing traffic that needs to go out of outside?

Hall of Fame Super Silver

There is a command for this:

     same-security-traffic permit inter-interface

If you only want to allow to a single host on the other same security interface then you need to be more creative with multiple ACEs in your access-list:

permit host to host

deny to the other subnets on the same security interfaces

permit to all others
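The ACL layout the answer describes, written out as an added example ASA configuration (it is not from the original post); the interface names, addresses and the ACL name A_in are constructed placeholders.

```cisco
! Added example with constructed addresses, not from the post.
! A, B and C share one security level; outside is lower.
interface GigabitEthernet0/0
 nameif A
 security-level 50
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/1
 nameif B
 security-level 50
 ip address 10.2.2.1 255.255.255.0
interface GigabitEthernet0/2
 nameif C
 security-level 50
 ip address 10.3.3.1 255.255.255.0
interface GigabitEthernet0/3
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248

! Without this, traffic between equal-security interfaces is dropped.
same-security-traffic permit inter-interface

! Inbound ACL on A. Once an ACL is bound to A, the implicit
! "higher to lower" permit no longer applies, so every flow leaving
! A (including to outside) must be permitted here. First match wins
! and an implicit deny sits at the end.
! 1. The single host on A that may reach the single host on B.
access-list A_in extended permit ip host 10.1.1.10 host 10.2.2.20
! 2. Everyone else on A is kept away from the other same-security subnets.
access-list A_in extended deny ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list A_in extended deny ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
! 3. Everything that remains (traffic toward outside) keeps flowing.
access-list A_in extended permit ip 10.1.1.0 255.255.255.0 any
access-group A_in in interface A

! Verification from enable mode (expected: first allowed, second dropped):
! packet-tracer input A tcp 10.1.1.10 1025 10.2.2.20 443
! packet-tracer input A tcp 10.1.1.11 1025 10.2.2.20 443
! show access-list A_in   (hit counts per ACE)
```

Return traffic for connections started from A is handled by the stateful connection table, but B and C still need their own inbound ACLs if hosts there should not be able to initiate connections toward A.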
