https://community.cisco.com/t5/network-security/asa-5505-subnets-issue/m-p/2039012#M439068 <P>Hi Guyzz,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I am configuring ASA 5505 i have configured 4 ports ,3 INTERNAL PORTS and 1 OUTSIDE PORT</P><P></P><P>INTERNAL</P><P>1)192.168.17.X</P><P>2)193.168.17.X</P><P>3)192.168.10.X</P><P></P><P>OUTSIDE</P><P></P><P>1)10.112.15.X</P><P></P><P>THE INTERNAL INTERFACES ARE ALL WITH SECURITY LEVEL 100 AND OUTSIDE 0,I HAVE ENABLED OPTION THAT OPTION WHERE IT SAYS THAT TRAFFIC SHOULD BE ALLOWED BETWEEN INTERFACES WITH SAME SAME SECURITY LEVEL </P><P></P><P>BUT I AM NOT ABLE TO PING 193.168.17.2 ---- 192.168.17.2&nbsp;&nbsp; NOT ABLE TO PING</P><P></P><P>BUT IF I DO NAT EXEMPT DEN THE PING HAPPENS</P><P></P><P>require you guyzz to help m</P><P></P><P>attaching config also but without nat exempt</P> Mon, 11 Mar 2019 23:45:04 GMT yogesh bhalerao 2019-03-11T23:45:04Z https://community.cisco.com/t5/network-security/asa-5505-subnets-issue/m-p/2039012#M439068 <P>Hi Guyzz,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I am configuring ASA 5505 i have configured 4 ports ,3 INTERNAL PORTS and 1 OUTSIDE PORT</P><P></P><P>INTERNAL</P><P>1)192.168.17.X</P><P>2)193.168.17.X</P><P>3)192.168.10.X</P><P></P><P>OUTSIDE</P><P></P><P>1)10.112.15.X</P><P></P><P>THE INTERNAL INTERFACES ARE ALL WITH SECURITY LEVEL 100 AND OUTSIDE 0,I HAVE ENABLED OPTION THAT OPTION WHERE IT SAYS THAT TRAFFIC SHOULD BE ALLOWED BETWEEN INTERFACES WITH SAME SAME SECURITY LEVEL </P><P></P><P>BUT I AM NOT ABLE TO PING 193.168.17.2 ---- 192.168.17.2&nbsp;&nbsp; NOT ABLE TO PING</P><P></P><P>BUT IF I DO NAT EXEMPT DEN THE PING HAPPENS</P><P></P><P>require you guyzz to help m</P><P></P><P>attaching config also but without nat exempt</P> Mon, 11 Mar 2019 23:45:04 GMT https://community.cisco.com/t5/network-security/asa-5505-subnets-issue/m-p/2039012#M439068 yogesh bhalerao 2019-03-11T23:45:04Z https://community.cisco.com/t5/network-security/asa-5505-subnets-issue/m-p/2039013#M439070 <HTML><HEAD></HEAD><BODY><P>Hi Bro<BR />What you're experiencing is expected. This is the Cisco ASA's behaviour. </P><P></P><P>Basically, when inside, INSIDE2 and INSIDE-3 wants to communicate with each other, you’ll need to enable “NAT Exemption” i.e. nat (nameif) 0 <ACCESS-LIST>. I know you have already enabled the same-security permit inter-interface command, but this command becomes useless once you’ve enable dynamic nat on one of those interfaces. It’s as if the same-security traffic command wasn't even entered in the first place. You could refer to the URLs below for further details on this;</ACCESS-LIST></P><P> <BR /><A _jive_internal="true" href="https://community.cisco.com/thread/223898">https://supportforums.cisco.com/thread/223898</A><BR /><A href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042530">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042530</A></P><P> <BR /> <BR /> <BR /><STRONG> </STRONG><BR /><STRONG>P/S: If you think this comment is useful, please do rate it nicely <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> and click on the "Correct Answer" button</STRONG></P></BODY></HTML> Wed, 22 Aug 2012 13:30:47 GMT https://community.cisco.com/t5/network-security/asa-5505-subnets-issue/m-p/2039013#M439070 Ramraj Sivagnanam Sivajanam 2012-08-22T13:30:47Z