ASA Same security Levels - Inter-interface - Definitive understanding required

g-campbell
Level 1

Hello,

As we all know, sometimes Cisco documentation can be a little ambiguous and/or vague in defining technical feature principles, and this applies no less to the definition given to the ASA same security level feature.

I have been searching and searching to get a detailed answer but have failed miserably. I am unfortunately not in a position to lab this and depend on the information available.

I would be most grateful to receive a definitive description of the inter-interface feature to understand the following concepts:

When the same security-level inter-interface feature is disabled, and some interfaces have the same security level set, does the explicit ACL apply and anything permitted get parsed and sent on?

Or is the same-level inter-interface command a prerequisite to allow the ASA to process traffic destined to an interface of the same security level, regardless of whether an ACL is present in the config?

When the same security-level inter-interface feature is enabled and an inbound ACL is applied, is the ACL bypassed completely, so any traffic is permitted ignoring the ACL?

Or does an ACL get processed before the security-level inter-interface is checked?

Does anyone know of a link to a best practice and/or design document that explains this in great detail?

Does anyone know of a link that describes the processing architecture of the Cisco ASA that covers this feature?

Many thanks in advance for any help provided.

Best regards.
