Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
636
Views
5
Helpful
3
Replies

if i put security 100 on inside and dmz, do i still need ACL?

Go to solution
Neetu Bhushan
Level 1
Level 1

‎05-03-2013 03:30 PM - edited ‎03-11-2019 06:38 PM

hi all,

since i'm new to asa...  and my current network don't have acl in between router 3750x and switch 2960s.  if i put security 100 on both dmz and inside network, do i still need ACL in between them?  i basically want for now everything working and especially turn on the jumbo frame on my dmz network since most of my server are in vsphere 5.0.

of course, i will hardened the security later.

thanks for any comment you may add.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎05-03-2013 04:41 PM

Hi,

You will have to configure this configuration on the ASA IF the interfaces have identical "security-level" values and DONT have ACLs and you want traffic to flow freely between them.

same-security-traffic permit inter-interface

Here is a link to one ASA Command Reference that explains the command better

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1421315

- Jouni

View solution in original post

3 Replies 3

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎05-03-2013 04:41 PM

Hi,

You will have to configure this configuration on the ASA IF the interfaces have identical "security-level" values and DONT have ACLs and you want traffic to flow freely between them.

same-security-traffic permit inter-interface

Here is a link to one ASA Command Reference that explains the command better

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1421315

- Jouni

Go to solution
Neetu Bhushan
Level 1
Level 1
In response to Jouni Forss

‎05-03-2013 08:39 PM

one more question?

the  same-security-traffic permit intra-interface is for VPN network, right?


0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Neetu Bhushan

‎05-04-2013 02:50 AM

Hi,

The most common use for the command you mention is for VPN traffic.

In general it enables traffic to flow so that it can enter an ASA interface and leave out through the same interface. For example when a VPN Client connects to a host that is behind a L2L VPN connection.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card