cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
319
Views
1
Helpful
2
Replies

Firepower 1120 ASA ASDM 7.16 BVI Device Communication Issue

cybersteer
Level 1
Level 1

Hello Cisco Community,

I am encountering an issue with my Cisco Firepower 1120 ASA running ASDM 7.16. The problem involves devices connected to a bridge group interface (BVI200) that cannot communicate with each other, although they can communicate with external networks without any issues.
Configuration Details:

    Bridge Group Information:
       Bridge Group: 100
       Interfaces: Ethernet1/3 and Ethernet1/5
       Management IP Address: 192.168.100.1/24

    Interface Details:
       BVI100:
          IP address: 192.168.100.1, subnet mask: 255.255.255.0
       Ethernet1/3:
          IP address: 192.168.100.1, subnet mask: 255.255.255.0
       Ethernet1/5:
          IP address: 192.168.100.1, subnet mask: 255.255.255.0

    ARP Table:
       192.168.100.12 mapped to MAC address dca6.3289.2bd3 (connected to Ethernet1/5)
       192.168.100.11 mapped to MAC address dca6.3289.2c99 (connected to Ethernet1/3)

    Access List:
       Each interface (port_3, port_5, bvi_100) has an ACL permitting all IP traffic (permit ip any any).

    NAT Configuration:
       There are no specific NAT rules that would affect internal communication between these devices.

Issue Description:

Devices connected to Ethernet1/3 (IP: 192.168.100.11) and Ethernet1/5 (IP: 192.168.100.12) are unable to communicate with each other. Both devices can see each other's IP and MAC addresses in their ARP tables, but attempts to ping or SSH between them fail.

However, both devices can communicate with external networks without any issues.
Question:

What could be causing the devices on BVI200 (connected via Ethernet1/3 and Ethernet1/5) to be unable to communicate with each other, and how can I resolve this issue?

Thank you for your assistance!

1 Accepted Solution

Accepted Solutions

Hi friend 

Between interface in same bridge and have same secuirty level you need 

Same secuirty permit intra interface 

Same secuirty permit inter interface 

If the security level is different then you need to use ACL to permit traffic between interface in same bridge.

If above not explain your issue please elaborate more

MHM

View solution in original post

2 Replies 2

Hi friend 

Between interface in same bridge and have same secuirty level you need 

Same secuirty permit intra interface 

Same secuirty permit inter interface 

If the security level is different then you need to use ACL to permit traffic between interface in same bridge.

If above not explain your issue please elaborate more

MHM

Thanks for your guidance. I wasn't able to find the exact option in the ASDM GUI, so I used the CLI to enter the following

commands:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

This worked perfectly, and the traffic is now flowing as expected. I really appreciate your help!

Best regards.

Review Cisco Networking for a $25 gift card