https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302219#M824072 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>have you tried enabling the same level intra-interface communications. Here's a link all about it:</P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml</A></P><P></P><P></P><P>hostname(config)# <STRONG class="cBold">same-security-traffic permit inter-interface</STRONG></P><P></P><P>regards</P><P></P><P>John</P></BODY></HTML> Wed, 02 Dec 2009 12:06:34 GMT johnbroadway 2009-12-02T12:06:34Z https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302218#M824070 <P>Hello,</P><P></P><P>I'm trying to allow traffic between 2 VLAN's/sub interfaces on my ASA, the both have their security Level set at 25.&nbsp; At the moment I can't even ping devices between the 2 and my access lists are wide open.&nbsp; I raised one of the security groups to 35 and everything seem to work. </P><P></P><P>I'm left a little confused, if security levels are the same are the untrusted?&nbsp; What ever I did on the access list side (to open it up) seemed to be ignored.</P> Mon, 11 Mar 2019 16:44:36 GMT https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302218#M824070 Andy White 2019-03-11T16:44:36Z https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302219#M824072 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>have you tried enabling the same level intra-interface communications. Here's a link all about it:</P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml</A></P><P></P><P></P><P>hostname(config)# <STRONG class="cBold">same-security-traffic permit inter-interface</STRONG></P><P></P><P>regards</P><P></P><P>John</P></BODY></HTML> Wed, 02 Dec 2009 12:06:34 GMT https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302219#M824072 johnbroadway 2009-12-02T12:06:34Z https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302220#M824076 <HTML><HEAD></HEAD><BODY><P>Thanks John,</P><P></P><P>Is this commonly enable by most, I set both these sub interfaces to the same as they sort of need resources from each, have the same security set like you mention is a good idea in my eyes.</P></BODY></HTML> Wed, 02 Dec 2009 12:33:20 GMT https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302220#M824076 Andy White 2009-12-02T12:33:20Z https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302221#M824081 <HTML><HEAD></HEAD><BODY><P>It is a fairly new option (I think since V7 ish) for your sort of instance.</P><P></P><P>If both interfaces require resources from the other then it seems a reasonable approach to me.</P><P></P><P>John</P></BODY></HTML> Wed, 02 Dec 2009 12:45:48 GMT https://community.cisco.com/t5/network-security/security-levels-on-asa/m-p/1302221#M824081 johnbroadway 2009-12-02T12:45:48Z