ASA 5520 Intra Routing/ACL/VLANs 8.4(5)

AQUALUNGAMERICA
Level 1

I have two VLANs on a physical interface with the same security level as my inside interface. I have same-security-traffic permit inter-interface enabled. Do I still need ACLs to permit traffic from the VLANs to communicate with the network objects on the inside interface?

Thank you

Carlos

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

So if you have 2 VLAN interfaces at the same "security-level" value as the "inside" interface and you have the "same-security-traffic permit inter-interface" configured, THEN you should NOT need ACLs on the 2 VLAN interfaces to permit connection forming/initiation from them to the networks behind the "inside" interface.

Though personally I always use ACLs on all interfaces even if the above is true.

- Jouni

Thank you Jouni
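
As an added example (not part of the thread and not Cisco tooling), this Python check reads an ASA running-config and lists the interface pairs at the same security level whose source interface has no inbound access-group, which is the case described above where connections are allowed without an ACL. The config text, interface names and ACL name are constructed; only inbound interface access-groups are considered, not outbound or global ones.

```python
import re
from collections import defaultdict

# Constructed sample of an ASA 8.4-style running-config (names and addresses are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
interface GigabitEthernet0/2.10
 vlan 10
 nameif vlan10
 security-level 100
!
interface GigabitEthernet0/2.20
 vlan 20
 nameif vlan20
 security-level 100
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
same-security-traffic permit inter-interface
access-list VLAN10_IN extended permit tcp 10.0.10.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 443
access-group VLAN10_IN in interface vlan10
"""

def audit(config):
    """Return sorted (src, dst) same-level pairs whose src has no inbound access-group."""
    levels, acl_in, nameif = {}, set(), None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None  # new interface block, name not seen yet
        elif m := re.match(r"\s+nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"\s+security-level (\d+)", line)) and nameif:
            levels[nameif] = int(m.group(1))
        elif m := re.match(r"access-group \S+ in interface (\S+)", line):
            acl_in.add(m.group(1))
    if not re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        return []  # without this command, same-level interfaces cannot talk to each other
    by_level = defaultdict(list)
    for name, lvl in levels.items():
        by_level[lvl].append(name)
    return sorted((s, d) for names in by_level.values()
                  for s in names for d in names if s != d and s not in acl_in)
```

On the sample, vlan10 drops out of the result because its inbound ACL (with its implicit deny) now governs what it can initiate, while inside and vlan20 are still reported.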
