I hate to hijack someone elses post, but could you take a look at my post and tell me what I am doing wrong. I have followed the suggestions of the person trying to help, but I still cannot get from my networks behind my 2821 or 3745 to the 2811. Here is the link. I even have a diagram up and all the configs are zipped up in the first post. https://supportforums.cisco.com/message/4143926#4143926 I just don't see what I am missing. I added this statement: same-security-traffic permit inter-interface I also added his access-lists he suggested. No go JouniForss wrote: Hi, The above limitation we are talking about simply prevents a host from behind an interface from connecting directly to another interface on the ASA. It doesnt block any traffic between the actual networks behind different interfaces. Only traffic to the ASA itself. So consider your LAN and WAN ports. Users behind LAN will not be able to connect to the ASA by using its WAN port IP address. This however does not mean that users behind LAN could not access networks behind the WAN interface. They just cant connect to the ASA interface itself. They would have to be located behind WAN to connect to WAN interface. Now they can connect to the LAN interface as they are behind that interface. So having traffic go through the ASA between different networks is no problem as long as Routing, NAT and ACLs are fine on all the devices. (NAT and ACL might not be present on each device naturally) - Jouni
... View more
Hello, In the comparison table of CSM versions http://www.cisco.com/en/US/products/ps6498/prod_software_versions_comparison.html is written that Standard version does not support ASA Service Module. Does it mean that having IPS or CSC Module installed in ASA it will not be possible to manage IPS or Content Security Policies in CSM Standard? Or, in other words, what does it mean that CSM Standard does not support ASA Service Module? Thanks a lot.
... View more