Hi all.
I have an ASA 5525 with subinterfaces for internal VLANs, and one interface is connected to the ISP and is NAT'ing internal networks with dynamic NAT. I also have global ACLs which permit traffic between some of the VLANs and deny traffic between other VLANs. Another option which is set on the ASA is "same-security-traffic permit inter-interface". In this case it seems that everything is working well. But if I disable "same-security-traffic permit inter-interface", the traffic between internal subinterfaces (with the same security level) is not passing, although an explicit ACL which permits traffic between these interfaces is configured in global.
I was not able to find documentation about ACLs vs "same-security-traffic permit inter-interface". Could somebody tell me: does "same-security-traffic permit inter-interface" have precedence over an explicit ACL?