Access list + security level IOS 9.1

javi_cesp
Level 1

Hi everybody,

I have some doubts about the configuration of access lists and the security level on the interfaces. In my configuration I'm using access lists on all the interfaces (Cisco ASA 5525, IOS 9.1) and I'm using the same security level for all these interfaces.

The issue that I had was that the traffic didn't match the ACEs in the access list. So after a while I tried entering the global command

same-security-traffic permit inter-interface

After that the ACEs in the access list started to register hit counts and the traffic started to pass through the firewall.

I was reading on various sites that if I'm using an access list on each interface of the ASA, the security levels no longer control what the initial traffic flows may be. With access lists, the initial traffic flow is completely controlled by the entries in that access list. However, in my case this is not true.

I also tried to initiate a connection from a server without permission in the access list and it didn't work (trying to see if the control is completely controlled by the security level).

Could it be that this version of IOS has some bug? Or is this the correct functioning of the same?

I hope that somebody can give me a clue about this.

Best regards.

Javier
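The setup described in the question, as an added ASA configuration example that is not part of the original post: two interfaces at the same security level, an inbound access list, the global command, and the commands to verify each stage. Interface names, addresses and the ACL name are constructed placeholders.

```cisco
! Constructed example: names, addresses and ports are placeholders.
! Two interfaces with the SAME security level, as in the question.
interface GigabitEthernet0/1
 nameif dmz1
 security-level 50
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz2
 security-level 50
 ip address 10.2.2.1 255.255.255.0
!
! Inbound ACL on dmz1: permit only HTTPS to one server behind dmz2.
access-list DMZ1_IN extended permit tcp 10.1.1.0 255.255.255.0 host 10.2.2.10 eq 443
access-group DMZ1_IN in interface dmz1
!
! By default the ASA does not forward traffic between interfaces that
! share a security level. This global command allows it; the interface
! ACL above still decides which flows are permitted.
same-security-traffic permit inter-interface
!
! Verification (exec mode):
!   confirm the global command is present
show running-config same-security-traffic
!   trace a permitted flow and see which phase allows or drops it
packet-tracer input dmz1 tcp 10.1.1.5 12345 10.2.2.10 443
!   trace a flow with no matching permit ACE; it should be dropped by the ACL
packet-tracer input dmz1 tcp 10.1.1.5 12345 10.2.2.10 22
!   check that hit counts increase on the ACE
show access-list DMZ1_IN
```

Running the first `packet-tracer` before and after entering `same-security-traffic permit inter-interface` shows whether a drop comes from the equal security levels or from the access list.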

1 Accepted Solution

Jouni Forss
VIP Alumni