Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1109
Views
0
Helpful
4
Replies

no forward interface on 5510

Go to solution
lcaruso
Level 6
Level 6

‎01-13-2011 12:13 PM - edited ‎03-11-2019 12:34 PM

There doesn't seem to be a no forward interface command on the 5510 as it is used on the 5505 (no vlans being used on 5510).

Is there another command to stop traffic from getting from one interface to another without an access list?

We are doing some testing of a different provider and do not want any possible unintended routing paths taken--just want to verify the mac address of the problem Charter modem is seen.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎01-13-2011 02:43 PM

If you configure both interfaces in the same security level, and ensure that "same-security-traffic permit inter-interface" command is not configured on the firewall, then there will not be any communication between those two interfaces. If you have configured  "same-security-traffic permit inter-interface" for some other purpose, then make sure that you have not configured any NAT rules between the two interfaces in question (NAT control is enabled).

------------------------------------------------------------------

interface ethernet 0/0

nameif inside1

security-level 100

ip address 192.168.1.1 255.255.255.0

exit

interface ethernet 0/1

nameif inside2

security-level 100

ip  address 192.168.2.1 255.255.255.0

exit

no same-security-traffic permit inter-interface

nat-control

------------------------------------------------------------------

Hope this helps.

Nagaraja

View solution in original post

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-13-2011 02:45 PM

Hi,

Maybe "management-only" interface command will suit your needs?

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2028112

Marcin

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎01-13-2011 02:43 PM

If you configure both interfaces in the same security level, and ensure that "same-security-traffic permit inter-interface" command is not configured on the firewall, then there will not be any communication between those two interfaces. If you have configured  "same-security-traffic permit inter-interface" for some other purpose, then make sure that you have not configured any NAT rules between the two interfaces in question (NAT control is enabled).

------------------------------------------------------------------

interface ethernet 0/0

nameif inside1

security-level 100

ip address 192.168.1.1 255.255.255.0

exit

interface ethernet 0/1

nameif inside2

security-level 100

ip  address 192.168.2.1 255.255.255.0

exit

no same-security-traffic permit inter-interface

nat-control

------------------------------------------------------------------

Hope this helps.

Nagaraja

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Nagaraja Thanthry

‎01-13-2011 02:50 PM

Thanks for your reply. That sums it up very well.

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-13-2011 02:45 PM

Hi,

Maybe "management-only" interface command will suit your needs?

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2028112

Marcin

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Marcin Latosiewicz

‎01-13-2011 02:51 PM

Thanks for your reply. Easy and perfect. Why didn't I think of that?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card