08-13-2017 03:25 PM - edited 03-12-2019 02:48 AM
I have multiple Vlans on Cisco ASA.
All of them have same security level. I have configured same-security-traffic permit inter-interface however still users of Vlan x are not able to ping users in Vlan y.
If someone can help me out how to enable communication between same security level interfaces.
Thanks in Advance.
08-13-2017 10:23 PM
Hi,
Can you share the packet tracer output of any two VLAN's?
Also, do you have any NAT config for the VLAN's?
Regards,
Aditya
Please rate helpful and mark correct answers
08-14-2017 02:30 AM
Follow this approach
1- packet captures
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html
2- packet tracer
https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer
3- asp drop captures
cap asp type asp drop all
test and then show cap asp | i your ip
4- logging
logging buffered debugging
test and then show logging | i ip
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: