https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617191#M594312 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply. That sums it up very well.</P></BODY></HTML> Thu, 13 Jan 2011 22:50:37 GMT lcaruso 2011-01-13T22:50:37Z https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617188#M594309 <P>There doesn't seem to be a no forward interface command on the 5510 as it is used on the 5505 (no vlans being used on 5510).</P><P></P><P>Is there another command to stop traffic from getting from one interface to another without an access list?</P><P></P><P>We are doing some testing of a different provider and do not want any possible unintended routing paths taken--just want to verify the mac address of the problem Charter modem is seen.</P> Mon, 11 Mar 2019 19:34:50 GMT https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617188#M594309 lcaruso 2019-03-11T19:34:50Z https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617189#M594310 <HTML><HEAD></HEAD><BODY><P>If you configure both interfaces in the same security level, and ensure that "same-security-traffic permit inter-interface" command is not configured on the firewall, then there will not be any communication between those two interfaces. If you have configured&nbsp; "same-security-traffic permit inter-interface" for some other purpose, then make sure that you have not configured any NAT rules between the two interfaces in question (NAT control is enabled).</P><P></P><P>------------------------------------------------------------------</P><P>interface ethernet 0/0</P><P>nameif inside1</P><P>security-level 100</P><P>ip address 192.168.1.1 255.255.255.0</P><P>exit</P><P></P><P>interface ethernet 0/1</P><P>nameif inside2</P><P>security-level 100</P><P>ip&nbsp; address 192.168.2.1 255.255.255.0</P><P>exit</P><P></P><P>no same-security-traffic permit inter-interface</P><P></P><P>nat-control</P><P>------------------------------------------------------------------</P><P></P><P>Hope this helps.</P><P></P><P>Nagaraja</P></BODY></HTML> Thu, 13 Jan 2011 22:43:54 GMT https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617189#M594310 Nagaraja Thanthry 2011-01-13T22:43:54Z https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617190#M594311 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Maybe "management-only" interface command will suit your needs?</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2028112">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2028112</A></P><P></P><P>Marcin</P></BODY></HTML> Thu, 13 Jan 2011 22:45:27 GMT https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617190#M594311 Marcin Latosiewicz 2011-01-13T22:45:27Z https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617191#M594312 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply. That sums it up very well.</P></BODY></HTML> Thu, 13 Jan 2011 22:50:37 GMT https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617191#M594312 lcaruso 2011-01-13T22:50:37Z https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617192#M594313 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply. Easy and perfect. Why didn't I think of that?</P></BODY></HTML> Thu, 13 Jan 2011 22:51:38 GMT https://community.cisco.com/t5/network-security/no-forward-interface-on-5510/m-p/1617192#M594313 lcaruso 2011-01-13T22:51:38Z