Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
4
Helpful
1
Replies

same-security-traffic - clarification

wasanthak
Community Member

‎11-15-2006 10:50 AM - edited ‎03-09-2019 04:53 PM

Hello,

I just want to clarify if i use "same-security-traffic permit inter-interface" to allow communicate between 2 subnets, do these traffic get inspected by the ASA ?

For an example i have,

interface Ethernet0/0

duplex full

no nameif

security-level 100

no ip address

!

interface Ethernet0/0.1

description Management VLAN

vlan 1

nameif MGMT

security-level 100

ip address 10.150.10.1 255.255.255.0

!

interface Ethernet0/0.2

description Server VLAN

vlan 2

nameif ftp

security-level 100

ip address 10.150.20.1 255.255.255.0

So does the traffic between vlan 1 and 2 are inspected by the ASA ?

Labels:
0 Helpful
1 Reply 1

a.kiprawih
Level 11
Level 11

‎11-15-2006 12:29 PM

Passing traffic (vlan 1 to vlan 2 or vice-versa) will still subjected to stateful inspection as this is the basic operation rule of PIX/ASA.

The only difference is you do not need address translation, and it permit/allow traffic from interfaces with same security level. This feature was not available in certain old 6.x code.

HTH

AK

Customers Also Viewed These Support Documents