12-08-2012 02:09 AM - edited 03-11-2019 05:35 PM
Hello,
I just tried to overrule an implicit deny any any rule with a permit any any in my ASA but traffic keeps on hitting the last deny any rule. How can this be?
The interfaces have the same security levels (0). I also have a permit any any in the other direction. The rules are enabled. Routing is OK. I can ping both destinations from the ASA. I have also enabled the traffic to pass between intra-subinterface:
same-security-traffic permit intra-interface
Thanks,
Best Regards
Jhonny Eriksson
12-08-2012 02:40 AM
Hello Johnny,
Did you try
same-security-traffic permit inter-interface? Please let me know the result. Also, if it does not help, can you attach the packet-tracer output and sh run?
Please rate helpful posts
Best Regards,
Eugene
12-12-2012 03:36 AM
It seems like I was a little bit too quick here.
I thought that traffic passing between two sub-interfaces on the same physical interface only needed the "same-security-traffic permit intra-interface" command but it seems like the ASA considers the sub-interfaces as being inter-interfaces to each other. So the command noted in Eugene's post was correct!
Thanks!!!
Best Regards
Jhonny Eriksson
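An added example, not part of the thread: a small Python check that reads an ASA running-config and reports named interfaces (sub-interfaces included) that share a security level while "same-security-traffic permit inter-interface" is absent, which is the situation resolved above. The sample config and the interface names lan10/lan20 are constructed, and the parser assumes nameif appears before security-level inside each interface block.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread): two sub-interfaces of one
# physical port, both at security level 0, with only intra-interface enabled.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 no nameif
 no security-level
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif lan10
 security-level 0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif lan20
 security-level 0
!
same-security-traffic permit intra-interface
"""

def same_level_groups(config):
    """Map security level -> nameifs, keeping only levels shared by 2+ interfaces."""
    levels = defaultdict(list)
    nameif = None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None                      # a new interface block starts
        elif m := re.match(r"\s+nameif (\S+)", line):
            nameif = m.group(1)                # "no nameif" does not match
        elif (m := re.match(r"\s+security-level (\d+)", line)) and nameif:
            levels[int(m.group(1))].append(nameif)
    return {lvl: names for lvl, names in levels.items() if len(names) > 1}

def blocked_groups(config):
    """Same-level groups that lack the inter-interface permit, or {} if it is set."""
    permitted = re.search(r"^same-security-traffic permit inter-interface\s*$",
                          config, re.MULTILINE)
    return {} if permitted else same_level_groups(config)

if __name__ == "__main__":
    for level, names in blocked_groups(SAMPLE_CONFIG).items():
        print(f"level {level}: {', '.join(names)} need "
              "'same-security-traffic permit inter-interface'")
```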