
How to enable same security level interfaces to communicate with each other in v8.4

krutarthbhatt
Level 1

Hi All,

I have ASA 5585 with SSP20. I want to enable same security level subinterfaces (routed mode) to communicate with each other. 

I have put the below command at global level but somehow it is not happening.

hostname(config)# same-security-traffic permit inter-interface

Do I also need to check for NATing or some other things apart from above command? If we have any examples which I can go through it would be a great help.

Thanks

Krutarth

2 Replies

Jouni Forss
VIP Alumni

Hi,

That should be the command you need.

I'm not 100% sure if you still need access-lists on the interface (since I always make an access-list for the interface even if everything was allowed through it).

You shouldn't need any NAT configurations between the interfaces (unless you want to, of course).

- Jouni

Hi Bro

Can you paste your latest FW configuration here, so that we can help you. This is a very easy simple problem.

If you ask me, since you already have the "same-security-traffic permit inter-interface" command and all the sub-interfaces have the same security level in place, the only pending items here when it comes to verifying your configuration are:

a) to ensure ACLs are in place with regards to all nameif/subinterfaces.

b) to ensure no NAT and no nat-control command are in place.

c) to verify the statistics in show asp drop command.

d) to ensure workstations in each of the subinterfaces have the proper default-gateway/routing.

Warm regards,
Ramraj Sivagnanam Sivajanam
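
An added example, not part of the original thread: a small Python check that reads a saved running-config and reports the configuration items from the checklist above (the same-security-traffic command, interfaces sharing a security level, bound inbound ACLs, NAT lines). The sample config, its interface names, VLANs and addresses are constructed, and the function name `audit` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample config (interface names, VLANs and addresses are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.10
 vlan 10
 nameif app
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 vlan 20
 nameif db
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
!
access-list app_in extended permit ip 10.10.10.0 255.255.255.0 any
access-group app_in in interface app
same-security-traffic permit inter-interface
"""

def audit(config):
    """Report the items that decide same-security-level forwarding."""
    lines = [l.strip() for l in config.splitlines()]
    levels = defaultdict(list)   # security-level -> [nameif, ...]
    acl_bound = {}               # nameif -> inbound ACL name
    nameif = None
    for s in lines:
        if s.startswith("interface "):
            nameif = None        # a new interface block starts
        elif s.startswith("nameif "):
            nameif = s.split()[1]
        elif s.startswith("security-level ") and nameif:
            levels[int(s.split()[1])].append(nameif)
        m = re.match(r"access-group (\S+) in interface (\S+)", s)
        if m:
            acl_bound[m.group(2)] = m.group(1)
    return {
        "inter_interface_permitted":
            "same-security-traffic permit inter-interface" in lines,
        "same_level_groups": {k: v for k, v in levels.items() if len(v) > 1},
        "inbound_acls": acl_bound,  # each bound ACL must permit the peer subnet
        "nat_lines": [s for s in lines if re.match(r"nat\b", s)],
    }
```

For the constructed sample, the result shows `app` and `db` sharing level 50 and an inbound ACL bound on `app`, which is the ACL to review for a permit entry toward the `db` subnet.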