07-15-2012 09:24 PM - edited 03-11-2019 04:31 PM
Hi All,
I have ASA 5585 with SSP20. I want to enable same security level subinterfaces (routed mode) to communicate with each other.
I have put the below command at the global level but somehow it is not happening.
hostname(config)# same-security-traffic permit inter-interface
Do I also need to check for NATing or some other things apart from above command? If we have any examples which I can go through it would be a great help.
Thanks
Krutarth
07-15-2012 11:50 PM
Hi,
That should be the command you need.
I'm not 100% sure if you still need access-lists on the interface (since I always make an access-list for the interface even if everything was allowed through it).
You shouldn't need any NAT configurations between the interfaces (unless you want, of course).
- Jouni
07-16-2012 03:02 AM
Hi Bro
Can you paste your latest FW configuration here, so that we can help you? This is a very easy, simple problem.
If you ask me, since you already have the "same-security-traffic permit inter-interface" command and all the sub-interfaces have the same security level in place, the only pending items here when it comes to verifying your configuration are:
a) to ensure ACLs are in place with regard to all nameif/subinterfaces.
b) to ensure no NAT and no nat-control command are in place.
b) to ensure no NAT and no nat-control command are in place.
c) to verify the statistics in show asp drop command.
d) to ensure workstations in each of the subinterfaces have the proper default-gateway/routing.
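Added example, not written by any poster in this thread: a small offline check of a saved `show running-config` for the command from the question and for items a) and b) of the checklist in the last reply. The interface names, VLANs and ACL name in the sample are constructed; `show asp drop` and the workstation gateway checks need the live device and are not covered.

```python
import re
from collections import defaultdict

# Constructed sample running-config (names, VLANs and ACL name are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1.10
 vlan 10
 nameif dept-a
 security-level 50
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif dept-b
 security-level 50
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
same-security-traffic permit inter-interface
access-group DEPT-A-IN in interface dept-a
nat-control
"""

def audit(config):
    """Return findings relevant to traffic between same-security-level interfaces."""
    levels = defaultdict(list)   # security level -> [nameif, ...]
    acl_in = set()               # nameifs with an inbound access-group bound
    nameif = None                # nameif of the interface block being read
    lines = [l.rstrip() for l in config.splitlines()]
    for line in lines:
        if line.startswith("interface "):
            nameif = None
        elif m := re.match(r"\s+nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"\s+security-level (\d+)", line)) and nameif:
            levels[int(m.group(1))].append(nameif)
        elif m := re.match(r"access-group \S+ in interface (\S+)", line):
            acl_in.add(m.group(1))
    shared = sorted(n for names in levels.values() if len(names) > 1 for n in names)
    return {
        "same_level_interfaces": shared,
        "inter_interface_permitted": "same-security-traffic permit inter-interface" in lines,
        "nat_control_enabled": "nat-control" in lines,
        "no_inbound_acl": [n for n in shared if n not in acl_in],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the sample, the check reports `nat-control` as enabled and `dept-b` as having no inbound access-group, which are the two items to review first.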