ASA security level concept question

ICFCISCO1
Level 1

Hi all

Need some help regarding ACL configuration.

Let's say I have an ASA with 4 interfaces (A, B, C and outside. Security levels for A,B,C are equal, outside is less)

All clients on networks A,B,C are allowed to connect to outside. In this case I don't need to configure an ACL as all traffic to less secure networks is allowed.

But what to do if I want to allow one host on interface A to connect to one host on interface B? Of course, I can add an ACE to interface A's inside ACL to allow that, but I will lose my implicit rule and connectivity to outside.

Is there a way to add an ACE on inside ACL for interface A allowing traffic that needs to go out of outside?


Marvin Rhoads
Hall of Fame

There is a command for this:

     same-security-traffic permit inter-interface

If you only want to allow to a single host on the other same security interface then you need to be more creative with multiple ACEs in your access-list:

permit host to host

deny to the other subnets on the same security interfaces

permit to all others
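The ordering in the reply matters because the ASA evaluates an ACL first-match and ends in an implicit deny. The following is an added example, not from this thread: a small first-match evaluator with constructed addresses (10.1.0.0/24 for A, 10.2.0.0/24 for B, 10.3.0.0/24 for C, 203.0.113.7 as an outside host) that compares the questioner's single-ACE approach with the three-step ordering above. It models only the ACL; `same-security-traffic permit inter-interface` must still be enabled on the box.

```python
# Added example (not from the thread). All addresses and names are constructed.
import ipaddress

# Constructed topology: A, B and C share a security level; outside is lower.
NET_A = ipaddress.ip_network("10.1.0.0/24")
NET_B = ipaddress.ip_network("10.2.0.0/24")
NET_C = ipaddress.ip_network("10.3.0.0/24")
HOST_A1 = ipaddress.ip_network("10.1.0.10/32")  # the one host on A ...
HOST_B1 = ipaddress.ip_network("10.2.0.20/32")  # ... allowed to reach this host on B
ANY = ipaddress.ip_network("0.0.0.0/0")

# What the questioner feared: a single ACE applied inbound on A. Once an ACL is
# bound to the interface, the implicit "permit to less secure" rule is gone and
# everything not listed (including A -> outside) hits the implicit deny.
NAIVE_ACL_A = [
    ("permit", HOST_A1, HOST_B1),
]

# The ordering from the reply: host-to-host permit first, then deny to the
# other same-security subnets, then permit everything else so outbound
# traffic to the less secure outside interface still flows.
ACL_A = [
    ("permit", HOST_A1, HOST_B1),
    ("deny", NET_A, NET_B),
    ("deny", NET_A, NET_C),
    ("permit", ANY, ANY),
]


def evaluate(acl, src, dst):
    """Return the action of the first ACE matching (src, dst).

    Mirrors ASA behaviour: entries are checked top-down, the first match wins,
    and an ACL with no matching entry ends in an implicit deny.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny at the end of every ASA ACL


if __name__ == "__main__":
    flows = [("10.1.0.10", "10.2.0.20"), ("10.1.0.11", "10.2.0.20"),
             ("10.1.0.10", "10.3.0.5"), ("10.1.0.10", "203.0.113.7")]
    for src, dst in flows:
        print(f"{src} -> {dst}: naive={evaluate(NAIVE_ACL_A, src, dst)} "
              f"ordered={evaluate(ACL_A, src, dst)}")
```

Running it shows the naive ACL denies A's traffic to outside, while the ordered ACL permits only the one host pair across A/B, blocks the rest of B and C, and keeps outbound access.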
