01-08-2018 03:22 AM - edited 03-05-2019 09:43 AM
Hi All,
I have configured a 5506-X firewall with two LAN interfaces (Vlan81 and Vlan83) and two WAN interfaces. I want to exempt both LAN interfaces and through traffic without NAT translation. I have passed these commands:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
On both interfaces I am currently using an ACL with "IP any any",
but the two VLANs are not communicating with each other.
What could be the reason?
01-16-2018 08:14 PM
Hi All,
I have solved the issue.
Actually, when I pass this configuration:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
Still, we need to exempt the same interface with the same interface, like exempt inside with inside and Winside with Winside. By doing this I am able to communicate between interfaces.
01-08-2018 04:58 AM
Hi,
Which security level do you have on those interfaces? Do you have a layer 3 device connected on both firewall interfaces? If so, do they know how to reply to the other network?
Can you share your firewall config?
-If I helped you somehow, please, rate it as useful.-
01-08-2018 06:13 AM
Hello,
in addition to Flavio's comment, also check your (static) NAT statements. Best indeed if you could post your full configuration...
01-08-2018 09:54 PM - edited 01-08-2018 09:56 PM
Hi Georg Pauwen and Flavio:
Thanks for your kind reply. Here are my config details:
: Saved
:
: Serial Number: xxxxxx
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
: Written by enable_15 at xxxx Tue Jan 9 2018
!
ASA Version 9.6(2)23
!
hostname xxxxxx
enable password YdXm6M/EN4xxx3Q encrypted
passwd YdXm6M/ExxfEpG3Q encrypted
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.81.7 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
nameif Winside
security-level 100
ip address 192.168.83.7 255.255.255.0
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
nameif N_Outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
boot system disk0:/asa962-23-lfbff-k8.SPA
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.81.25 inside
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Printer_192.168.81.31_xxx
host 192.168.81.31
description xxx
object network Printer_192.168.81.36_xxx
host 192.168.81.36
description xxx
object network Printer_192.168.81.47_xxx
host 192.168.81.47
description xxx Printer
object network Printer_192.168.81.41_xxx
host 192.168.81.41
description xxx
object network Printer_192.168.81.45_xxx
host 192.168.81.45
description xxx
object network Printer_192.168.81.48_xxx
host 192.168.81.48
description xxx
object network Printer_192.168.81.42_xxx
host 192.168.81.42
description xxx
object network Printer_192.168.81.43_xxx
host 192.168.81.43
description xxx
object network XXX_7.7.7.7_GW
host 7.7.7.7
description XXX Gateway
object network inside-network
subnet 192.168.81.0 255.255.255.0
object network Winside-network
subnet 192.168.83.0 255.255.255.0
object network DNS-LINUX_83.250
host 192.168.83.250
object network Wireless_GW_83.253
host 192.168.83.253
access-list inside_access_in extended permit ip object-group NoRestrictionSources any
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_7
access-list inside_access_in extended permit ip any object-group Printers
access-list inside_access_in extended permit icmp 192.168.81.0 255.255.255.0 any
access-list inside_access_in extended permit udp 192.168.81.0 255.255.255.0 any eq ntp
access-list inside_access_in extended permit udp object-group DM_INLINE_NETWORK_2 any object-group DM_INLINE_UDP_1
access-list inside_access_in extended permit object-group TCP-UDP 192.168.81.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_8
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_9
access-list inside_access_in extended permit ip 192.168.83.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 inactive
access-list inside_access_in extended permit ip any 192.168.83.0 255.255.255.0 inactive
access-list inside_access_in extended permit udp any any object-group WhatsApp_UDP
access-list inside_access_in extended deny object-group TCP-UDP any any object-group Torrent
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_5
access-list inside_access_in extended deny ip object-group Blocked_Sources any
access-list inside_access_in extended permit object-group TCP-UDP any any object-group XMPP
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 192.168.81.0 255.255.255.0 any inactive
access-list inside_access_in extended permit ip 192.168.81.0 255.255.255.0 object-group GoodServers
access-list inside_access_in extended deny object-group TCP-UDP 192.168.81.0 255.255.255.0 any object-group HotspotShield
access-list inside_access_in extended deny ip any any
access-list Winside_access_in extended permit ip object-group NoRestrictionSources any
access-list Winside_access_in extended permit ip interface Winside 192.168.81.0 255.255.255.0
access-list Winside_access_in extended permit ip 192.168.83.0 255.255.255.0 object-group Printers
access-list Winside_access_in extended permit tcp 192.168.83.0 255.255.255.0 object-group Printers object-group DM_INLINE_TCP_11 inactive
access-list Winside_access_in extended permit object-group DM_INLINE_SERVICE_5 any object Server_DC_ECHO
access-list Winside_access_in extended permit icmp any any
access-list Winside_access_in extended permit object-group DM_INLINE_SERVICE_6 object Server_DC_ECHO any
access-list Winside_access_in extended permit object-group DM_INLINE_SERVICE_4 192.168.83.0 255.255.255.0 any inactive
access-list Winside_access_in extended permit tcp 192.168.83.0 255.255.255.0 192.168.81.0 255.255.255.0 object-group DM_INLINE_TCP_13
access-list outside_access_in extended permit object-group ICMP any any
access-list outside_access_in extended permit tcp any interface outside object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any object server1_xxx_xxx object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any object server2_xxx_xxx object-group DM_INLINE_TCP_3
access-list outside_access_in extended permit tcp any object server3_xxx_xxx object-group DM_INLINE_TCP_4
access-list inboundSurvey extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list inboundSurvey extended permit tcp any object xxx_Interface_Outside object-group DM_INLINE_TCP_12
access-list OUTSIDE-IN extended permit icmp any any
access-list outside_access_Out extended permit ip any4 object xxx_81.29
access-list outside_access_Out extended permit object-group DM_INLINE_SERVICE_7 any4 object Server_xxx
access-list outside_access_Out extended permit tcp any4 object server_survey object-group DM_INLINE_TCP_10
access-list outside_access_Out extended permit object-group DM_INLINE_SERVICE_0 any4 object Server_xxx
access-list outside_access_Out extended permit tcp any4 object server_survey object-group DM_INLINE_TCP_0
access-list outside_access_Out extended permit object-group DM_INLINE_SERVICE_2 any4 object Server_xxx
access-list outside_access_Out extended permit icmp object-group DM_INLINE_NETWORK_3 any
access-list N_Outsite_access_in extended permit icmp any any
pager lines 24
logging enable
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside xxx 9996
flow-export delay flow-create 15
mtu outside 1500
mtu inside 1500
mtu Winside 1500
mtu N_Outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside,outside) source dynamic any interface dns
nat (Winside,inside) source dynamic any interface
!
object network Server_xxx
nat (any,outside) static interface service tcp xxx xxx
object network Server_xxx
nat (inside,outside) static server_xxx_xxx
object network server_xxx
nat (inside,outside) static server_xxx_xxx
object network Server_xxx
nat (inside,outside) static server_xxx_xxx
object network server_xxx
nat (inside,outside) static server_xxx_xxx
access-group outside_access_Out in interface outside
access-group inside_access_in in interface inside
access-group Winside_access_in in interface Winside
access-group N_Outsite_access_in in interface N_Outside
route outside 0.0.0.0 0.0.0.0 7.7.7.7 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.81.0 255.255.255.0 inside
snmp-server host inside xxx community perform
no snmp-server location
no snmp-server contact
snmp-server community perform
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 192.168.81.0 255.255.255.0 inside
telnet timeout 30
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd domain pakistanperform.com
!
dhcpd address 192.168.83.30-192.168.83.245 Winside
dhcpd dns 192.168.81.25 interface Winside
dhcpd option 3 ip 192.168.83.253 interface Winside
dhcpd option 6 ip 192.168.81.25 interface Winside
!
dhcprelay timeout 160
threat-detection basic-threat
threat-detection scanning-threat shun except object-group NoRestrictionSources
threat-detection scanning-threat shun duration 3600
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-access-policy-record DfltAccessPolicy
username xxx password 1lG.722HGcduqIxb encrypted privilege 15
username xxx password 2dMuEBodaRTg/ojQ encrypted privilege 15
username xxx password rFMCRvdj4RRRNLzF encrypted privilege 15
username xxx password cmyrcWm5arRxckSs encrypted privilege 15
!
class-map global-class-NetFlow
match any
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class global-class-NetFlow
flow-export event-type all destination 192.168.81.17
class class-default
user-statistics accounting
policy-map global-policy
class inspection_default
inspect icmp
inspect icmp error
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:a12570fdbe3a2d44ec7e663828cd93c0
: end
01-09-2018 01:25 AM
Hi Georg Pauwen and Flavio Miranda:
Thanks for your kind reply...
Here is the requested config:
: Saved
:
: Serial Number: xxxxxx
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
: Written by enable_15 at xxxx Tue Jan 9 2018
!
ASA Version 9.6(2)23
!
hostname xxxxxx
enable password YdXm6M/EN4xxx3Q encrypted
passwd YdXm6M/ExxfEpG3Q encrypted
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.81.7 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
nameif Winside
security-level 100
ip address 192.168.83.7 255.255.255.0
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
nameif N_Outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
boot system disk0:/asa962-23-lfbff-k8.SPA
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.81.25 inside
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Printer_192.168.81.31_xxx
host 192.168.81.31
description xxx
object network Printer_192.168.81.36_xxx
host 192.168.81.36
description xxx
object network Printer_192.168.81.47_xxx
host 192.168.81.47
description xxx Printer
object network Printer_192.168.81.41_xxx
host 192.168.81.41
description xxx
object network Printer_192.168.81.45_xxx
host 192.168.81.45
description xxx
object network Printer_192.168.81.48_xxx
host 192.168.81.48
description xxx
object network Printer_192.168.81.42_xxx
host 192.168.81.42
description xxx
object network Printer_192.168.81.43_xxx
host 192.168.81.43
description xxx
object network xxx_7.7.7.7_GW
host 7.7.7.7
description xxx Gateway
object network inside-network
subnet 192.168.81.0 255.255.255.0
object network Winside-network
subnet 192.168.83.0 255.255.255.0
object network DNS-LINUX_83.250
host 192.168.83.250
object network Wireless_GW_83.253
host 192.168.83.253
access-list inside_access_in extended permit ip object-group NoRestrictionSources any
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_7
access-list inside_access_in extended permit ip any object-group Printers
access-list inside_access_in extended permit icmp 192.168.81.0 255.255.255.0 any
access-list inside_access_in extended permit udp 192.168.81.0 255.255.255.0 any eq ntp
access-list inside_access_in extended permit udp object-group DM_INLINE_NETWORK_2 any object-group DM_INLINE_UDP_1
access-list inside_access_in extended permit object-group TCP-UDP 192.168.81.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_8
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_9
access-list inside_access_in extended permit ip 192.168.83.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 inactive
access-list inside_access_in extended permit ip any 192.168.83.0 255.255.255.0 inactive
access-list inside_access_in extended permit udp any any object-group WhatsApp_UDP
access-list inside_access_in extended deny object-group TCP-UDP any any object-group Torrent
access-list inside_access_in extended permit tcp 192.168.81.0 255.255.255.0 any object-group DM_INLINE_TCP_5
access-list inside_access_in extended deny ip object-group Blocked_Sources any
access-list inside_access_in extended permit object-group TCP-UDP any any object-group XMPP
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 192.168.81.0 255.255.255.0 any inactive
access-list inside_access_in extended permit ip 192.168.81.0 255.255.255.0 object-group GoodServers
access-list inside_access_in extended deny object-group TCP-UDP 192.168.81.0 255.255.255.0 any object-group HotspotShield
access-list inside_access_in extended deny ip any any
access-list Winside_access_in extended permit ip object-group NoRestrictionSources any
access-list Winside_access_in extended permit ip interface Winside 192.168.81.0 255.255.255.0
access-list Winside_access_in extended permit ip 192.168.83.0 255.255.255.0 object-group Printers
access-list Winside_access_in extended permit tcp 192.168.83.0 255.255.255.0 object-group Printers object-group DM_INLINE_TCP_11 inactive
access-list Winside_access_in extended permit object-group DM_INLINE_SERVICE_5 any object Server_DC_ECHO
access-list Winside_access_in extended permit icmp any any
access-list Winside_access_in extended permit object-group DM_INLINE_SERVICE_6 object Server_DC_ECHO any
access-list Winside_access_in extended permit object-group DM_INLINE_SERVICE_4 192.168.83.0 255.255.255.0 any inactive
access-list Winside_access_in extended permit tcp 192.168.83.0 255.255.255.0 192.168.81.0 255.255.255.0 object-group DM_INLINE_TCP_13
access-list outside_access_in extended permit object-group ICMP any any
access-list outside_access_in extended permit tcp any interface outside object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any object server1_xxx_xxx object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any object server2_xxx_xxx object-group DM_INLINE_TCP_3
access-list outside_access_in extended permit tcp any object server3_xxx_xxx object-group DM_INLINE_TCP_4
access-list inboundSurvey extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list inboundSurvey extended permit tcp any object xxx_Interface_Outside object-group DM_INLINE_TCP_12
access-list OUTSIDE-IN extended permit icmp any any
access-list outside_access_Out extended permit ip any4 object xxx_81.29
access-list outside_access_Out extended permit object-group DM_INLINE_SERVICE_7 any4 object Server_xxx
access-list outside_access_Out extended permit tcp any4 object server_survey object-group DM_INLINE_TCP_10
access-list outside_access_Out extended permit object-group DM_INLINE_SERVICE_0 any4 object Server_xxx
access-list outside_access_Out extended permit tcp any4 object server_survey object-group DM_INLINE_TCP_0
access-list outside_access_Out extended permit object-group DM_INLINE_SERVICE_2 any4 object Server_xxx
access-list outside_access_Out extended permit icmp object-group DM_INLINE_NETWORK_3 any
access-list N_Outsite_access_in extended permit icmp any any
pager lines 24
logging enable
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside xxx 9996
flow-export delay flow-create 15
mtu outside 1500
mtu inside 1500
mtu Winside 1500
mtu N_Outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside,outside) source dynamic any interface dns
nat (Winside,inside) source dynamic any interface
!
object network Server_xxx
nat (any,outside) static interface service tcp xxx xxx
object network Server_xxx
nat (inside,outside) static server_xxx_xxx
object network server_xxx
nat (inside,outside) static server_xxx_xxx
object network Server_xxx
nat (inside,outside) static server_xxx_xxx
object network server_xxx
nat (inside,outside) static server_xxx_xxx
access-group outside_access_Out in interface outside
access-group inside_access_in in interface inside
access-group Winside_access_in in interface Winside
access-group N_Outsite_access_in in interface N_Outside
route outside 0.0.0.0 0.0.0.0 7.7.7.7 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.81.0 255.255.255.0 inside
snmp-server host inside xxx community perform
no snmp-server location
no snmp-server contact
snmp-server community perform
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 192.168.81.0 255.255.255.0 inside
telnet timeout 30
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd domain pakistanperform.com
!
dhcpd address 192.168.83.30-192.168.83.245 Winside
dhcpd dns 192.168.81.25 interface Winside
dhcpd option 3 ip 192.168.83.253 interface Winside
dhcpd option 6 ip 192.168.81.25 interface Winside
!
dhcprelay timeout 160
threat-detection basic-threat
threat-detection scanning-threat shun except object-group NoRestrictionSources
threat-detection scanning-threat shun duration 3600
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-access-policy-record DfltAccessPolicy
username xxx password 1lG.722HGcduqIxb encrypted privilege 15
username xxx password 2dMuEBodaRTg/ojQ encrypted privilege 15
username xxx password rFMCRvdj4RRRNLzF encrypted privilege 15
username xxx password cmyrcWm5arRxckSs encrypted privilege 15
!
class-map global-class-NetFlow
match any
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class global-class-NetFlow
flow-export event-type all destination 192.168.81.17
class class-default
user-statistics accounting
policy-map global-policy
class inspection_default
inspect icmp
inspect icmp error
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:a12570fdbe3a2d44ec7e663828cd93c0
: end
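The checks the replies ask for (security levels, NAT statements, interface ACLs) can be run against a saved configuration. The script below is an added example, not part of any post in this thread. Its function names are hypothetical, and its sample input is a constructed excerpt that reuses lines from the configuration posted above.

```python
import re
from itertools import combinations

# Constructed excerpt: lines reused from the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
nameif outside
security-level 0
interface GigabitEthernet1/2
nameif inside
security-level 100
interface GigabitEthernet1/4
nameif Winside
security-level 100
same-security-traffic permit inter-interface
access-list inside_access_in extended permit ip any 192.168.83.0 255.255.255.0 inactive
access-list inside_access_in extended deny ip any any
access-list Winside_access_in extended permit icmp any any
nat (inside,outside) source dynamic any interface dns
nat (Winside,inside) source dynamic any interface
access-group inside_access_in in interface inside
access-group Winside_access_in in interface Winside
"""

def parse_interfaces(cfg):
    """Map nameif -> security level; unnamed (shutdown) interfaces are skipped."""
    levels, name = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            name = None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def parse_manual_nat(cfg):
    """Return (real_if, mapped_if, kind, exempt) for each manual (twice) NAT rule."""
    pat = re.compile(r"nat \((\S+?),(\S+?)\) source (static|dynamic) (\S+) (\S+)")
    rules = []
    for line in map(str.strip, cfg.splitlines()):
        if m := pat.match(line):
            real_if, mapped_if, kind, real, mapped = m.groups()
            # Identity NAT (static, real == mapped) leaves addresses untranslated.
            rules.append((real_if, mapped_if, kind, kind == "static" and real == mapped))
    return rules

def inactive_aces(cfg, interface):
    """ACEs carrying the 'inactive' keyword in the ACL bound inbound to interface."""
    bound = re.search(
        rf"^\s*access-group (\S+) in interface {re.escape(interface)}\s*$", cfg, re.M)
    if not bound:
        return []
    prefix = f"access-list {bound.group(1)} "
    return [l.strip() for l in cfg.splitlines()
            if l.strip().startswith(prefix) and l.split()[-1] == "inactive"]

def audit(cfg):
    """One finding per pair of named interfaces that share a security level."""
    levels = parse_interfaces(cfg)
    inter = bool(re.search(
        r"^\s*same-security-traffic permit inter-interface\s*$", cfg, re.M))
    nat = parse_manual_nat(cfg)
    return [{
        "pair": (a, b),
        "inter_interface_permitted": inter,
        "translating_nat": [r[:3] for r in nat if {r[0], r[1]} == {a, b} and not r[3]],
        "inactive_aces": {i: inactive_aces(cfg, i) for i in (a, b)},
    } for a, b in combinations(levels, 2) if levels[a] == levels[b]]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the excerpt it reports the inside/Winside pair with inter-interface traffic permitted, one dynamic NAT rule translating traffic between the two interfaces, and one inactive ACE in the ACL bound to inside.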