
ASA 5506 Security Levels

vgulinolite
Level 1

Hello Cisco Community,

I have an ASA 5506-X with a bunch of VLANs (sub-interfaces). Is there any way to disable the security levels and purely use ACLs?


leciscokid
Level 1

You can essentially set them all to the same security level and use the system command which allows traffic to traverse interfaces with the same security levels. Just go into your int config, give them all a nameif, and then set their security levels to something benign.


There are two variations of the command: same-security-traffic permit inter-interface and intra-interface

...



Intra - between the same interface and itself

Inter - between two different interfaces.


The first of which allows a sort of hair pinning to occur,




You'll still need ACLs to meter which traffic you want to egress each interface toward the other subnets.
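
A check to go with the answer above, added here as an example and not part of the original post or any Cisco tooling: once same-security-traffic permit inter-interface is enabled, interfaces at the same level can reach each other unless an ACL says otherwise, so this script flags same-level interfaces that have no inbound access-group. The sample running-config, interface names, VLANs and ACL names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample running-config; names, VLANs and ACLs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/2.10
 vlan 10
 nameif users
 security-level 50
!
interface GigabitEthernet1/2.20
 vlan 20
 nameif servers
 security-level 50
!
interface GigabitEthernet1/2.30
 vlan 30
 nameif printers
 security-level 50
!
same-security-traffic permit inter-interface
access-list users_in extended permit tcp 10.0.10.0 255.255.255.0 10.0.20.0 255.255.255.0 eq 443
access-list users_in extended deny ip any any
access-list servers_in extended deny ip any any
access-group users_in in interface users
access-group servers_in in interface servers
"""

def unfiltered_same_level(config):
    """Interfaces that share a security level with another interface but
    have no inbound access-group, while inter-interface traffic is permitted.
    Simplification: global and outbound access-groups are not considered."""
    if not re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        return []  # same-level interfaces cannot talk to each other at all
    by_level, nameif = defaultdict(list), None
    for line in config.splitlines():
        if not line.startswith(" "):
            nameif = None  # a new top-level command ends the interface block
        elif m := re.match(r" nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r" security-level (\d+)", line)) and nameif:
            by_level[int(m.group(1))].append(nameif)
    filtered = set(re.findall(r"^access-group \S+ in interface (\S+)", config, re.M))
    return sorted(n for names in by_level.values() if len(names) > 1
                  for n in names if n not in filtered)

if __name__ == "__main__":
    print(unfiltered_same_level(SAMPLE_CONFIG))
```

In the sample, the printers sub-interface is the one reported: it sits at level 50 with the others but has no access-group bound to it.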
