I have an ASA 5585 with SSP20. I want to enable same security level subinterfaces (routed mode) to communicate with each other.
I have put the below command at the global level, but somehow it is not happening.
hostname(config)# same-security-traffic permit inter-interface
Do I also need to check for NATing or some other things apart from above command? If we have any examples which I can go through it would be a great help.
That should be the command you need.
I'm not 100% sure if you still need access-lists on the interface (since I always make an access-list for the interface even if everything was allowed through it).
You shouldn't need any NAT configurations between the interface (unless you want to, of course).
Can you paste your latest FW configuration here so that we can help you? This is a very easy, simple problem.
If you ask me, since you already have the "same-security-traffic permit inter-interface" command and all the sub-interfaces have the same security level in place, the only pending items here when it comes to verifying your configuration are:
a) to ensure ACLs are in place with regard to all nameif/subinterfaces.
b) to ensure no NAT and no nat-control command are in place.
c) to verify the statistics in show asp drop command.
d) to ensure workstations in each of the subinterfaces have the proper default-gateway/routing.
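
The static parts of the checklist above (the same-security-traffic command, item a and item b) can be checked offline against a saved running-config. The following is an added example, not part of the original thread; the interface names, ACL name and sample configuration are constructed for illustration. Items c and d still have to be checked on the live device and the workstations.

```python
import re
from collections import defaultdict
# Constructed sample running-config (interface and ACL names are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1.10
 nameif app
 security-level 50
!
interface GigabitEthernet0/1.20
 nameif db
 security-level 50
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
nat-control
access-group APP_IN in interface app
"""

def audit(config):
    """Return checklist findings for traffic between same-security-level interfaces."""
    levels = defaultdict(list)   # security-level -> [nameif, ...]
    acl_bound = set()            # nameifs that have an inbound access-group
    permit = nat_control = False
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            nameif = None        # start of a new interface stanza
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level ") and nameif:
            levels[int(line.split()[1])].append(nameif)
        elif line == "same-security-traffic permit inter-interface":
            permit = True
        elif line == "nat-control":          # "no nat-control" does not match
            nat_control = True
        elif (m := re.match(r"access-group \S+ in interface (\S+)", line)):
            acl_bound.add(m.group(1))
    # Only levels shared by two or more interfaces matter for this check.
    peers = {lvl: n for lvl, n in levels.items() if len(n) > 1}
    same = sorted(name for n in peers.values() for name in n)
    return {"same_level_groups": peers,
            "inter_interface_permitted": permit,
            "nat_control_enabled": nat_control,
            "no_inbound_acl": [n for n in same if n not in acl_bound]}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Where an access-group is bound to one of the listed interfaces, its ACL entries still need to be read to confirm they permit the subnet-to-subnet traffic.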