12-02-2009 03:54 AM - edited 03-11-2019 09:44 AM
Hello,
I'm trying to allow traffic between 2 VLANs/subinterfaces on my ASA; they both have their security level set at 25. At the moment I can't even ping devices between the 2 and my access lists are wide open. I raised one of the security groups to 35 and everything seemed to work.
I'm left a little confused: if security levels are the same, are they untrusted? Whatever I did on the access list side (to open it up) seemed to be ignored.
12-02-2009 04:06 AM
Hi,
Have you tried enabling the same level intra-interface communications? Here's a link all about it:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml
hostname(config)# same-security-traffic permit inter-interface
Regards
John
12-02-2009 04:33 AM
Thanks John,
Is this commonly enabled by most? I set both these subinterfaces to the same level as they sort of need resources from each other; having the same security set like you mention is a good idea in my eyes.
12-02-2009 04:45 AM
It is a fairly new option (I think since V7 ish) for your sort of instance.
If both interfaces require resources from the other then it seems a reasonable approach to me.
John
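The setup discussed in this thread, as an added example that is not part of the original posts: two subinterfaces at security level 25, the `same-security-traffic permit inter-interface` command from the reply above, and an inbound ACL so that enabling it does not leave the two VLANs fully open to each other. Interface numbers, VLAN IDs, interface names, the ACL name and all addresses are constructed assumptions.

```cisco
! Constructed sample values throughout (interfaces, VLANs, names, addresses).
interface GigabitEthernet0/1.10
 vlan 10
 nameif vlan10
 security-level 25
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif vlan20
 security-level 25
 ip address 192.168.20.1 255.255.255.0
!
! Without this command the ASA drops traffic between interfaces that share
! a security level, whatever the access lists say. That matches the symptom
! in the question: wide-open ACLs but no ping until one level was raised.
same-security-traffic permit inter-interface
!
! Once the command is on, same-level interfaces can reach each other freely
! unless an interface ACL narrows it. Permit only what is needed from
! vlan10 to vlan20 and log the rest.
access-list VLAN10_IN extended permit icmp 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list VLAN10_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 445
access-list VLAN10_IN extended deny ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 log
! An applied ACL ends in an implicit deny and replaces the implicit
! level-based permit, so add entries here for any other destinations
! the vlan10 hosts must reach.
access-group VLAN10_IN in interface vlan10
!
! Checks from privileged EXEC mode:
!   show running-config same-security-traffic
!   packet-tracer input vlan10 icmp 192.168.10.5 8 0 192.168.20.10
```

The `packet-tracer` output shows which phase allows or drops the flow, which separates a same-security drop from an ACL drop.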