Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1110
Views
0
Helpful
1
Replies

Access between inside interfaces

Chris Mickle
Level 1
Level 1

‎02-11-2020 04:52 AM

Hello All,

 

Just want to run something by the forum...

 

I have an ASA 5508-X with 2 inside interfaces and I need to allow traffic between two hosts on each interface.

 

Host 10.100.15.10 on VLAN10 needs to be able to access host 10.100.10.10 on VLAN30 and visa versa.

 

VLAN10 security-level is 100, vlan30 security-level is 80.

 

I added...

access-list 300 line 1 permit ip host 10.100.10.10 host 10.100.15.10

access-list 300 line 2 permit ip any any

access-group 300 in interface vlan30

 

packet tracer seems to indicate that traffic should flow both ways, but I can not ping between the hosts. Right now I can only access one of the hosts (10.100.15.10) so this may be software firewall blocking the icmp traffic.

 

My question is, should the acl I created work and is it applied to the correct interface?

 

thanks

Labels:
0 Helpful
1 Reply 1

bhargavdesai
Spotlight
Spotlight

‎02-11-2020 05:54 AM

The limited configuration that you provided seems fine and should work. To confirm you have checked the traffic allowed in both direction through Packet tracer utility. I would like to add that Cisco ASA by default does not inspect ICMP packets and hence pings may fail. To resolve this you should inspect ICMP. You can achieve this by below command.

 

fixup protocol icmp

 

It may also be a problem with your host based Antivirus/Firewall software. You need to check that too...

 

If you still having issue. please provide configuration so that we can help you.

 

H2H

### RATE ALL HELPFUL RESPONSES ###

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card