Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
749
Views
0
Helpful
3
Replies

How provide communication between two interfaces

Go to solution
Janardhan Meesala
Level 1
Level 1

‎03-13-2011 10:40 PM - edited ‎03-11-2019 01:06 PM

Dear Support-Team,

Is it possible to provide communication between two different interfaces which had configured as different
security level in ASA 5510 ???

Regards,

Janardhan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-13-2011 11:23 PM

Yes you can. This depends on whether the traffic is initiated from low to high security level, or high to low security level.

There are different configuration options.

From  low to high, you are required to have static NAT statement or NAT  exemption with ACL as well as ACL to allow traffic through that is  applied to the low security level interface.

From high  to low, by default it is allowed through automatically, but if you have  ACL applied to the high security level interface, then you would need to  explicitly allow the traffic.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-13-2011 11:23 PM

Yes you can. This depends on whether the traffic is initiated from low to high security level, or high to low security level.

There are different configuration options.

From  low to high, you are required to have static NAT statement or NAT  exemption with ACL as well as ACL to allow traffic through that is  applied to the low security level interface.

From high  to low, by default it is allowed through automatically, but if you have  ACL applied to the high security level interface, then you would need to  explicitly allow the traffic.

0 Helpful

Go to solution
Janardhan Meesala
Level 1
Level 1
In response to Jennifer Halim

‎03-14-2011 12:00 AM

Hi ,

Thanks for your response....

Below is the my network details:

Inside-1 : security level 100 - 192.168.1.0/24     inside interface IP is 192.168.1.1/24

Inside-2 : security level 50 - 192.168.2.0/24       inside-2 interface IP is 192.168.2.1/24

Outside : Security level 0 - 192.168.100.0/24     ioutside interface IP is 192.168.100.1/24

I configured Dynamic PAT for inside-1 and inside-2 with outside interface to get internet as shown configuration below.

object network inside-1
subnet 192.168.1.0 255.255.255.0
nat (inside-1,outside) dynamic interface

object network inside-2
subnet 192.168.2.0 255.255.255.0
nat (inside-2,outside) dynamic interface

All my users are getting internet....

    

Here i want provide communiction between inside-1 , inside-2 and outside..

i.e  inside-1 to inside-2 and vice versa

     inside-1 to outside

     inside-2 to outside

Here my IOS version is 8.3 and my device is ASA 5510.....

Please send me the configuration for my requirement..

Thanks in advance...

Regards,

Janardhan

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Janardhan Meesala

‎03-14-2011 12:51 AM

I assume that the following you have configured correctly:

inside-1 to outside, configuration:

object network inside-1
  subnet 192.168.1.0 255.255.255.0
  nat (inside-1,outside) dynamic interface

inside-2 to outside, configuration:

object network inside-2
  subnet 192.168.2.0 255.255.255.0
  nat (inside-2,outside) dynamic interface

For  inside-1 to inside-2, here is the configuration:

object network obj-192.168.1.0

     subnet 192.168.1.0 255.255.255.0

nat (inside-1,inside-2) source static obj-192.168.1.0 obj-192.168.1.0

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card