Cisco Support Community
Community Member

2 interfaces with the same security level

I have 2 subnets that I have set up on 2 interfaces. The 1st subnet (Company A) has internet access. The 2nd subnet (Company B) has no internet access or access to Company A. From a computer on Company B's subnet I am able to ping the firewall, but traffic does not go any farther.

Thank you for any help given.

Shane

5 REPLIES
Community Member

Re: 2 interfaces with the same security level

Hi Shane,

In PIX FW, if you have 2 interfaces with the same security level, they won't communicate with each other. You need to define a different security level for the two interfaces. Thanks!

Best Regards,

Manoj

Community Member

Re: 2 interfaces with the same security level

It is my understanding that the 2 security interfaces should allow traffic across them. If I lower Company B's security I will have to add an access list rule to allow communications between the 2 interfaces.

Community Member

Re: 2 interfaces with the same security level

Interfaces with equal security levels do not allow traffic between them. Yes, you will have to reduce the security level of one of the interfaces and add an ACL to allow the communications between them.

Community Member

Re: 2 interfaces with the same security level

Depends on the platform/code rev. The ASA can pass traffic through same-security interfaces by entering the "same-security-traffic permit" command.

Here's the command for the ASA, rev 7.2:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1289167

HTH

Geoff

Community Member

Re: 2 interfaces with the same security level

Geoff,

I found this command on the internet while waiting for a reply on my post and entered it, but I still do not get any traffic to Company A's interface or to my outside interface (security level 0).

Also, as a side note, I have run the packet tracer on Company B's interface and I have an ACL that is stopping traffic. I have an implicit rule; source and destination are both set to any, and the action is set to deny.

Shane
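An added example, not part of any post in this thread: a small Python check over a constructed ASA-style configuration that reports which interfaces share a security level, whether `same-security-traffic permit inter-interface` is present, and which interfaces have an inbound ACL bound (whose implicit deny then decides anything not explicitly permitted). The interface names, subnet, ACL name and the `audit` helper are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; interface names, subnet and ACL name are assumptions.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif companyA
 security-level 100
interface Ethernet0/2
 nameif companyB
 security-level 100
access-list companyB_in extended permit tcp 192.168.2.0 255.255.255.0 any eq 80
access-group companyB_in in interface companyB
"""

def audit(config):
    """Report equal-level interface groups and what governs traffic between them."""
    levels, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None                      # start of a new interface block
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    groups = defaultdict(list)
    for ifname, level in levels.items():
        groups[level].append(ifname)
    same_level = [sorted(g) for g in groups.values() if len(g) > 1]
    # The global command must carry the inter-interface keyword to apply here.
    permitted = bool(re.search(
        r"^same-security-traffic permit inter-interface\s*$", config, re.M))
    # An ACL bound inbound ends in an implicit deny for anything it does not permit.
    inbound = {i: a for a, i in
               re.findall(r"^access-group (\S+) in interface (\S+)", config, re.M)}
    return {"same_level": same_level, "inter_interface": permitted,
            "inbound_acl": inbound}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print(audit(SAMPLE_CONFIG + "same-security-traffic permit inter-interface\n"))
```
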
