ASA 5506 Security Levels

Hello Cisco Community,

I have an ASA 5506-X with a bunch of VLANs (sub-interfaces). Is there any way to disable the security levels and purely use ACLs?


Re: ASA 5506 Security Levels

You can essentially set them all to the same security level and use the system command which allows traffic to traverse interfaces with the same security levels. Just go into your int config, give them all a nameif, and then set their security levels to something benign.


There are two variations of the command: same-security-traffic permit inter-interface and same-security-traffic permit intra-interface

...



Intra - between the same interface and itself

Inter - between two different interfaces.


The first of which allows a sort of hair pinning to occur,




You'll still need ACLs to meter which traffic you want to egress each interface toward the other subnets.
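
The approach described in the reply above, written out as an added configuration example that is not part of the original post. The interface numbers, VLAN IDs, nameif names, addresses and ACL names are constructed for illustration.

```cisco
! Constructed example: interface numbers, VLAN IDs, names and addresses are made up.
interface GigabitEthernet1/2
 no shutdown
!
interface GigabitEthernet1/2.10
 vlan 10
 nameif users
 security-level 50
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet1/2.20
 vlan 20
 nameif servers
 security-level 50
 ip address 10.0.20.1 255.255.255.0
!
! Allow traffic between different interfaces that share a security level.
same-security-traffic permit inter-interface
!
! With the command above, a same-level interface that has no ACL bound to it
! can reach every other same-level interface, so bind an inbound ACL to each.
access-list USERS_IN extended permit tcp 10.0.10.0 255.255.255.0 10.0.20.0 255.255.255.0 eq https
access-list USERS_IN extended deny ip any any log
access-group USERS_IN in interface users
!
! Servers may not open connections toward users. Replies to connections the
! users opened still pass, because the ASA tracks them statefully.
access-list SERVERS_IN extended deny ip any any log
access-group SERVERS_IN in interface servers
```

After applying it, `show running-config access-group` confirms every named interface has an ACL bound, and the hit counts in `show access-list` show which entries the inter-VLAN traffic is matching.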