
Communication between 2 inside interfaces on Cisco ASA 5510

leonnikolaou
Level 1

Hi,

I have a Cisco ASA 5510 configured to access the internet, with an:

inside interface (ethernet 0/1) 130.130.0.254 and

outside interface (ethernet 0/0) x.x.x.x

I have now configured another inside interface (ethernet0/2) on ASA with the IP 172.16.0.254 and I have connected it directly to another switch with a management IP 172.16.0.5.

The problem is that the two inside interfaces (130.130.0.254 & 172.16.0.254) cannot communicate with each other, thus the e0/2 172.16.0.254 interface cannot access the internet.

Please see the diagram that I have attached for you below for a better point of view.

Thank you.

2 Accepted Solutions


andrew.prince
Level 10

You need to configure NAT exception and an ACL for the new interface, as this will have a lower security level than the inside interface. You could also configure a NAT for the new interface to access the internet directly.


Eugene Khabarov
Level 7

You also need to define

"same-security-traffic permit inter-interface" to allow interfaces with same security levels to communicate with each other.


5 Replies

Thank you. NAT exceptions and ACL was the solution.

Thank you as well. This tick box that you mentioned is important too!

You are welcome.
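
The two answers in this thread come down to how the ASA compares interface security levels: equal levels need `same-security-traffic permit inter-interface`, and a lower-level interface needs an inbound ACL to reach a higher one. The following is an added example, not code or configuration posted in the thread: a small Python check that applies those rules to a running-config. The interface name `inside2`, the ACL name `outside_in` and the security levels are assumptions, and NAT exemption is not modelled.

```python
import re

# Constructed sample config (not from the thread): the names inside2 and
# outside_in and the security levels are assumptions for illustration.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 100
interface Ethernet0/2
 nameif inside2
 security-level 100
access-group outside_in in interface outside
"""

def parse(config):
    """Return ({nameif: level}, same-security flag, {nameifs with an inbound ACL})."""
    levels, acl_in, name = {}, set(), None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None  # new interface stanza, nameif not seen yet
        elif m := re.match(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s+security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"access-group \S+ in interface (\S+)", line):
            acl_in.add(m.group(1))
    same_sec = bool(re.search(
        r"^same-security-traffic permit inter-interface\s*$", config, re.M))
    return levels, same_sec, acl_in

def verdict(config, src, dst):
    """Explain how the ASA treats new connections from interface src to dst."""
    levels, same_sec, acl_in = parse(config)
    if levels[src] == levels[dst] and not same_sec:
        return ("blocked: equal security levels, "
                "same-security-traffic permit inter-interface missing")
    if src in acl_in:
        return "decided by the inbound ACL on " + src
    if levels[src] > levels[dst]:
        return "allowed by default: higher to lower security level"
    if levels[src] == levels[dst]:
        return "allowed: equal levels with same-security-traffic permit inter-interface"
    return "blocked: lower to higher security level needs an inbound ACL on " + src
```
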
