CISCO ASAv can not ping between subnets

Alex.kushnarev
Level 1

Hi team,

 

I am using ASAv version 9.12.2 on AWS and I have a few internal interfaces (security level 100) and I cannot get them to ping each other, even when I am running the same-security level permit command. I have tried to create an ACL to permit traffic from anywhere to anywhere with no success, and I have a few pre-made ACLs that I could not delete.

 

here is my conf:

: Saved
:
: Serial Number: 9AS6FC2VFFG
: Hardware:   ASAv, 7680 MB RAM, CPU Xeon E5 series 2900 MHz, 1 CPU (4 cores)
:
ASA Version 9.12(2)
!
hostname ciscoasa
enable password ***** pbkdf2
names
no mac-address auto

!
interface GigabitEthernet0/0
 nameif App
 security-level 100
 ip address dhcp setroute
!
interface GigabitEthernet0/1
 nameif Web
 security-level 100
 ip address dhcp setroute
!
interface GigabitEthernet0/2
 nameif Guest
 security-level 100
 ip address dhcp setroute
!
interface Management0/0
 management-only
 nameif mgmt
 security-level 90
 ip address dhcp setroute
!
ftp mode passive
clock timezone IST 2
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network App
 host 10.0.200.0
object network Web
 subnet 10.0.100.0 255.255.255.0
access-list App_access_in extended permit ip any any
access-list Web_access_in extended permit ip any any
access-list Guest_access_in extended permit ip any any
pager lines 23
logging enable
logging trap debugging
logging asdm notifications
logging host mgmt 10.0.250.44 6/1470
mtu mgmt 1500
mtu App 1500
mtu Web 1500
mtu Guest 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network App
 nat (any,App) dynamic interface
object network Web
 nat (any,Web) dynamic interface
access-group App_access_in in interface App
access-group Web_access_in in interface Web
access-group Guest_access_in in interface Guest
router ospf 100
 network 10.0.100.0 255.255.255.0 area 0
 network 10.0.200.0 255.255.255.0 area 0
 network 0.0.0.0 0.0.0.0 area 0
 log-adj-changes
!
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 10.0.250.0 255.255.255.0 App
http 10.0.250.0 255.255.255.0 mgmt
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
 auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 0509###
  quit
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 mgmt
ssh timeout 30
ssh version 1 2
console timeout 0
vpn load-balancing
dhcp-client client-id interface App
dhcp-client client-id interface Web
dhcp-client client-id interface Guest
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin nopassword privilege 15
username admin attributes
 service-type admin
 ssh authentication publickey ## hashed
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ip-options
  inspect netbios
  inspect rtsp
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect esmtp
  inspect sqlnet
  inspect sip
  inspect skinny
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile License
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination transport-method http
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:e7da6c4626b216ca9493ffa5e6e509c4
: end

  

Can anyone tell me what I am missing here?

 

Best Regards,

Alex.

17 Replies

Hi, I still get destination host unreachable.

This is the current running conf:

: Saved
:
: Serial Number: 9AS6FC2VFFG
: Hardware:   ASAv, 7680 MB RAM, CPU Xeon E5 series 2900 MHz, 1 CPU (4 cores)
:
ASA Version 9.12(2)
!
hostname ciscoasa
enable password ***** pbkdf2
names
no mac-address auto

!
interface GigabitEthernet0/0
 nameif App
 security-level 100
 ip address 10.0.100.240 255.255.255.0
!
interface GigabitEthernet0/1
 nameif Web
 security-level 50
 ip address 10.0.200.240 255.255.255.0
!
interface GigabitEthernet0/2
 nameif Guest
 security-level 0
 ip address 10.0.150.240 255.255.255.0
!
interface Management0/0
 management-only
 nameif mgmt
 security-level 90
 ip address dhcp setroute
!
ftp mode passive
clock timezone IST 2
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network App_Web
 subnet 10.0.100.0 255.255.255.0
object network Web_App
 subnet 10.0.200.0 255.255.255.0
access-list App_access_in extended permit ip any any
access-list Web_access_in extended permit ip any any
access-list Guest_access_in extended permit ip any any
pager lines 23
logging enable
logging timestamp
logging trap debugging
logging asdm notifications
logging host mgmt 10.0.250.44 6/1470
mtu App 1500
mtu Web 1500
mtu Guest 1500
mtu mgmt 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network App_Web
 nat (App,Web) static 10.0.200.0
object network Web_App
 nat (Web,App) static 10.0.100.0
router eigrp 10
 network 10.0.100.0 255.255.255.0
 network 10.0.150.0 255.255.255.0
 network 10.0.200.0 255.255.255.0
!
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 10.0.250.0 255.255.255.0 App
http 10.0.250.0 255.255.255.0 mgmt
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
 auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 0509
    #######
  quit
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 mgmt
ssh timeout 30
ssh version 1 2
console timeout 0
vpn load-balancing
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin nopassword privilege 15
username admin attributes
 service-type admin
 ssh authentication publickey ####f:24:b8 hashed
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ip-options
  inspect netbios
  inspect rtsp
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect esmtp
  inspect sqlnet
  inspect sip
  inspect skinny
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
 profile License
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination transport-method http
Cryptochecksum:1ead1ba70c712715a1f115a0874b787f
: end

Hello
I don't see an access-group for the access-lists
access-group App_access_in in interface Web
access-group Web_access_in in interface App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
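As an added illustration of the point raised in this reply (this is example code written for this page, not Cisco's and not anything posted in the thread), the checker below reads an ASA-style configuration and reports access-lists that are defined but never bound with access-group, interfaces with no inbound ACL at all, and bound ACLs whose name suggests they were written for a different interface (a convention check only). It also answers "would a new connection from interface X to interface Y pass the interface access policy?" using the ASA rules the thread turns on: a bound inbound ACL is evaluated first-match with an implicit deny; without one, higher-to-lower security levels pass by default and equal levels need same-security-traffic permit inter-interface. The sample configuration is constructed to resemble the interfaces, ACLs and bindings posted here; only `ip` ACEs with `any`, `host` and subnet operands are modelled (no objects, protocols, NAT or routing).

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the interfaces/ACLs/access-groups in this thread.
# It is not the running configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif App
 security-level 100
 ip address 10.0.100.240 255.255.255.0
!
interface GigabitEthernet0/1
 nameif Web
 security-level 50
 ip address 10.0.200.240 255.255.255.0
!
interface GigabitEthernet0/2
 nameif Guest
 security-level 0
 ip address 10.0.150.240 255.255.255.0
!
same-security-traffic permit inter-interface
access-list App_access_in extended permit ip any any
access-list Web_access_in extended permit ip any any
access-list Guest_access_in extended permit ip any any
access-group Web_access_in in interface App
access-group App_access_in in interface Web
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class AsaPolicy:
    levels: dict = field(default_factory=dict)    # nameif -> security-level
    aces: dict = field(default_factory=dict)      # acl name -> [(action, src_net, dst_net)]
    bindings: dict = field(default_factory=dict)  # (nameif, "in"|"out") -> acl name
    same_sec_inter: bool = False


def _net(tokens):
    """Consume one ACE address operand (any | host A | A MASK); returns (network, tokens used)."""
    if tokens[0] == "any":
        return ANY, 1
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), 2
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), 2


def parse_config(text):
    """Extract the parts of an ASA running-config that decide inter-interface access."""
    pol = AsaPolicy()
    nameif = level = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface ") or line == "!":
            nameif = level = None            # leave the current interface block
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level "):
            level = int(line.split()[1])
        elif line == "same-security-traffic permit inter-interface":
            pol.same_sec_inter = True
        if nameif is not None and level is not None:
            pol.levels[nameif] = level
        m = re.match(r"access-list (\S+) extended (permit|deny) ip (.*)", line)
        if m:                                # only plain 'ip' ACEs are modelled here
            toks = m.group(3).split()
            src, used = _net(toks)
            dst, _ = _net(toks[used:])
            pol.aces.setdefault(m.group(1), []).append((m.group(2), src, dst))
        m = re.match(r"access-group (\S+) (in|out) interface (\S+)", line)
        if m:
            pol.bindings[(m.group(3), m.group(2))] = m.group(1)
    return pol


def audit(pol):
    """Findings as (code, subject) tuples; the first two codes are the thread's problem."""
    findings = []
    bound = set(pol.bindings.values())
    for acl in sorted(set(pol.aces) - bound):
        findings.append(("unbound-acl", acl))          # defined, but has no effect
    for acl in sorted(bound - set(pol.aces)):
        findings.append(("undefined-acl", acl))        # access-group names a missing ACL
    for nameif in sorted(pol.levels):
        if (nameif, "in") not in pol.bindings:
            findings.append(("no-inbound-acl", nameif))  # only security-level rules apply
    for (nameif, direction), acl in sorted(pol.bindings.items()):
        # Naming-convention check only: <nameif>_access_<dir> bound to another interface.
        if "_access_" in acl and acl != f"{nameif}_access_{direction}":
            findings.append(("acl-name-mismatch", nameif))
    return findings


def is_permitted(pol, src_if, dst_if, src_ip, dst_ip):
    """Interface access-policy verdict for a new connection entering src_if towards dst_if."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    ls, ld = pol.levels[src_if], pol.levels[dst_if]
    if ls == ld and not pol.same_sec_inter:
        return False, "equal security levels without same-security-traffic permit inter-interface"
    acl = pol.bindings.get((src_if, "in"))
    if acl is not None:                      # a bound ACL replaces the level default
        for action, src_net, dst_net in pol.aces.get(acl, []):
            if s in src_net and d in dst_net:
                return action == "permit", f"{acl}: explicit {action}"
        return False, f"{acl}: implicit deny at end of ACL"
    if ls >= ld:
        return True, "no inbound ACL: higher-to-lower (or permitted same-level) allowed by default"
    return False, "no inbound ACL: lower-to-higher denied by default"


if __name__ == "__main__":
    pol = parse_config(SAMPLE_CONFIG)
    for code, subject in audit(pol):
        print(f"[{code}] {subject}")
    for src, dst, sip, dip in [("App", "Web", "10.0.100.10", "10.0.200.10"),
                               ("Guest", "Web", "10.0.150.10", "10.0.200.10")]:
        ok, why = is_permitted(pol, src, dst, sip, dip)
        print(f"{src} -> {dst}: {'permit' if ok else 'deny'} ({why})")
```

Run against the constructed sample it reports Guest_access_in as defined but unbound, Guest as having no inbound ACL (so, at security level 0, it cannot initiate anything towards the higher-level interfaces), and the two bindings whose ACL names point at the other interface. Real configurations also carry object groups, per-protocol ACEs, NAT and routing, none of which this checker models; it is a first-pass sanity check for the binding mistake, not a replacement for packet-tracer on the box.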

Hi @paul driver,

I have added the access-groups and am still getting destination host unreachable.

: Saved
:
: Serial Number: 9AS6FC2VFFG
: Hardware:   ASAv, 7680 MB RAM, CPU Xeon E5 series 2900 MHz, 1 CPU (4 cores)
:
ASA Version 9.12(2)
!
hostname ciscoasa
enable password ***** pbkdf2
names
no mac-address auto

!
interface GigabitEthernet0/0
 nameif App
 security-level 100
 ip address 10.0.100.240 255.255.255.0
!
interface GigabitEthernet0/1
 nameif Web
 security-level 50
 ip address 10.0.200.240 255.255.255.0
!
interface GigabitEthernet0/2
 nameif Guest
 security-level 0
 ip address 10.0.150.240 255.255.255.0
!
interface Management0/0
 management-only
 nameif mgmt
 security-level 90
 ip address dhcp setroute
!
ftp mode passive
clock timezone IST 2
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network App_Web
 subnet 10.0.100.0 255.255.255.0
object network Web_App
 subnet 10.0.200.0 255.255.255.0
access-list App_access_in extended permit ip any any
access-list Web_access_in extended permit ip any any
access-list Guest_access_in extended permit ip any any
pager lines 23
logging enable
logging timestamp
logging trap debugging
logging asdm notifications
logging host mgmt 10.0.250.44 6/1470
mtu App 1500
mtu Web 1500
mtu Guest 1500
mtu mgmt 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network App_Web
 nat (App,Web) static 10.0.200.0
object network Web_App
 nat (Web,App) static 10.0.100.0
access-group Web_access_in in interface App
access-group App_access_in in interface Web
router eigrp 10
 network 10.0.100.0 255.255.255.0
 network 10.0.150.0 255.255.255.0
 network 10.0.200.0 255.255.255.0
!
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 10.0.250.0 255.255.255.0 App
http 10.0.250.0 255.255.255.0 mgmt
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
 auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 0509
    ###
  quit
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 mgmt
ssh timeout 30
ssh version 1 2
console timeout 0
vpn load-balancing
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin nopassword privilege 15
username admin attributes
 service-type admin
 ssh authentication publickey ## hashed
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ip-options
  inspect netbios
  inspect rtsp
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect esmtp
  inspect sqlnet
  inspect sip
  inspect skinny
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
 profile License
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination transport-method http
Cryptochecksum:##
: end
