Re: Cisco ASA Mapping Drive from Same Security Interface Fail

Woon Kang · ‎03-29-2018

Dear ALL,

Good Morning, i am quite new in Cisco ASA, i have 2 same security interface level 100 in the Cisco Asa, interface 0/1 and interface 0/2, i have to Map Network Drive for Server from one interface to another, i did successfully make both site can be ping each other, but when i try to map network drive or remote desktop to the other end server, i keep fail, but i can ping without issue, below is my configuration, anything i did wrong?

interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.30.X 255.255.255.0
!
interface Ethernet0/2
nameif production
security-level 100
ip address 192.168.31.X 255.255.255.0
same-security-traffic permit inter-interface

access-list inside_nat0_outbound extended permit ip any 192.168.31.0 255.255.255.0

access-list inside_access_in extended permit ip 192.168.30.0 255.255.255.0 192.168.31.0 255.255.255.0

access-list production_nat0_outbound_1 extended permit ip 192.168.31.0 255.255.255.0 192.168.30.0 255.255.255.0

access-list production_access_in extended permit ip any any

global (outside) 101 interface
nat (outside) 0 access-list outside_nat0_outbound
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 192.168.30.0 255.255.255.0
nat (production) 0 access-list production_nat0_outbound_1
nat (production) 101 192.168.31.0 255.255.255.0
nat (management) 101 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group production_access_in in interface production

anything i miss out?

Thank you

Flavio Miranda · ‎03-29-2018

Hi

Same security level and with the command same-security-traffic permit inter-interface you shouldn't have problem.

The best to do is run a packet tracer or look at logs. I have a feeling that the NAT rule may be the reason.

-If I helped you somehow, please, rate it as useful.-