Solved: Re: ASA and enable traffic between two interfaces with same security level

Phil Bradley · ‎02-04-2018

I have multiple DMZ servers in seperate interfaces on my ASA with the same security level defined. I notice that if I do not check the box "enable traffic between two interfaces with same security level", then I cannot communicate between two servers in the seperate interfaces even if I have an ACL rule allowing them to communicate. Do you still have to have an ACL defined in order for these to communicate even if you have the box checked above? I hope this is the case since I want all of the DMZ networks at the same security level but only want them to be able to communicate if I have an ACL defined.

Karsten Iwen · ‎02-04-2018

Thats exactly the way to go. You need the checkbox to let them communicate, but you also need an ACL to control what these systems are allowed to do.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

Karsten Iwen · ‎02-04-2018

Thats exactly the way to go. You need the checkbox to let them communicate, but you also need an ACL to control what these systems are allowed to do.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.