1321 Views, 0 Helpful, 7 Replies

ASA 5506 issue

wwbarnes
Level 1

I have a very simple configuration; however, the two same security level interfaces cannot talk to each other. I have had a TAC case open for 2+ weeks and I'm at the point of frustration. Should I blow the configuration away and try again? Everything I read says that I have the command to be able to talk between the two same security interfaces, but it doesn't work. Did NAT/PAT mess up? I'm hoping someone can help me solve this one, and if not, does write erase affect any of my firepower lic.?

thanks

: Saved
: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(1)
!
hostname BillsASAhome
enable password $
names
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 nameif insidewired
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif eeroWIFI
 security-level 100
 ip address 192.168.7.2 255.255.255.0
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 nameif
 security-level 100
 ip address dhcp setroute
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa981-lfbff-k8.SPA
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object udp
 protocol-object tcp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object udp
 service-object tcp
 service-object udp destination eq www
access-list eeroWIFI_access_in remark test
access-list eeroWIFI_access_in extended permit object-group DM_INLINE_SERVICE_1 any object obj_any
access-list eeroWIFI_access_in extended permit object-group TCPUDP any4 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu eeroWIFI 1500
mtu eeroWifi2 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-781.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network obj_any
 nat (any,outside) dynamic interface
!
nat (eeroWIFI,outside) after-auto source dynamic any interface
access-group eeroWIFI_access_in in interface eeroWIFI
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a
    183f685c f2424a85 3854835f d1e82cf2 ac11d6a8 ed636a
  quit
telnet timeout 5
no ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcp-client client-id interface eeroWifi2
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!
dhcpd address 192.168.7.10-192.168.7.254 eeroWIFI
dhcpd enable eeroWIFI
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
service call-home
call-home reporting anonymous
call-home
 contact-email-addr william.w.barnes2.ctr@mail.mil
 profile CiscoTAC-1
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6288f85add5f4cd8595239f3d0fcb1be
: end

7 Replies

GRANT3779
Spotlight
Have you tested by removing the ACL you have attached Inbound on the wifi interface? Test connectivity by removing it.
no access-group eeroWIFI_access_in in interface eeroWIFI
Should traffic be able to flow freely between the Interfaces?
Either way, you will know if it is the ACL causing problems and can then look at tweaking it.
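As an added example (not code from the thread or from Cisco), a small Python checker that reads an ASA running-config in the format posted above and reports the things worth confirming before pulling an ACL: whether `same-security-traffic permit inter-interface` is present, which interfaces share a security level, which of those carry an inbound access-group, and interface names used by `mtu`/`dhcpd`/`http`/`ssh`/`management-access` lines that match no `nameif`. The config text is a constructed excerpt modelled on the posted one, not the real device output.

```python
import re

# Constructed excerpt mirroring the structure of the posted config (not a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
 security-level 0
interface GigabitEthernet1/2
 nameif insidewired
 security-level 100
interface GigabitEthernet1/3
 nameif eeroWIFI
 security-level 100
same-security-traffic permit inter-interface
access-list eeroWIFI_access_in extended permit ip any any
access-group eeroWIFI_access_in in interface eeroWIFI
dhcpd enable inside
"""

def parse_interfaces(cfg):
    # Map nameif -> security-level for each interface block; unnamed blocks are skipped.
    levels, name, level = {}, None, None
    for line in cfg.splitlines() + ["!"]:        # trailing "!" flushes the last block
        if not line.strip():
            continue                              # tolerate the blank lines a paste adds
        if not line.startswith(" "):              # top-level line: block boundary
            if name is not None and level is not None:
                levels[name] = level
            name = level = None
            continue
        tok = line.split()
        if tok[0] == "nameif" and len(tok) > 1:   # a bare "nameif" carries no name
            name = tok[1]
        elif tok[0] == "security-level" and len(tok) > 1:
            level = int(tok[1])
    return levels

def audit(cfg):
    # Findings to confirm first when two same-security interfaces cannot talk.
    levels = parse_interfaces(cfg)
    names = sorted(levels)
    pairs = [(a, b) for i, a in enumerate(names) for b in names[i + 1:] if levels[a] == levels[b]]
    same_sec = {n for p in pairs for n in p}
    # an inbound ACL bound to a same-security interface still filters that traffic
    acls = {ifc: acl for acl, ifc in re.findall(r"^access-group (\S+) in interface (\S+)", cfg, re.M)}
    # interface names referenced by other lines that match no configured nameif
    refs = re.findall(r"^(?:mtu|dhcpd enable|management-access|(?:http|ssh) [\d.]+ [\d.]+) (\S+)", cfg, re.M)
    permitted = bool(re.search(r"^same-security-traffic permit inter-interface\b", cfg, re.M))
    return {"inter_interface_permitted": permitted,
            "same_security_pairs": pairs,
            "acls_on_same_security": {i: a for i, a in acls.items() if i in same_sec},
            "unknown_interface_refs": sorted({r for r in refs if r not in levels})}
```

Run `audit(open("running-config.txt").read())` against a saved `show running-config` to get the same four findings for a real box.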

I will try that tonight, thank you!

Also, yes, goal on this one is for traffic to flow freely between both interfaces.

OK, that did nothing to help, but at least it was a try. I still can ping nothing or reach anything from one subnet to the other.

hold the phone, I can now ping other equipment on the eeroWIFI. I think we have it, not sure why it took a min to work, but it's working. I'll try again in morning and make sure.

Thanks

We are good to go, thank you! We can close this one.

Hi,
Glad you have it working.
You can accept the answer as the solution via the discussion. This will mark it as answered.
Thanks