Solved: Cisco ASA VPN/ACL Problem

drbabbers · ‎04-05-2016

All,

The situation is I am trying to initate a connection into the outside of an ASA firewall, to a destination IP that is on the remote end of a VPN tunnel peered from the same ASA on the outside interface. So logically the traffic slow is Outside to Outside.

The ASA is denying the traffic as the conversation is showing the source as Outside and the destination as Outside.

Is there anything clever I can do on the ASA to fix this?

Thanks

D

Aditya Ganjoo · ‎04-05-2016

Hi,

Use the following command on the ASA:

same-security-traffic permit intra-interface

Regards,

Aditya

Please rate helpful posts and mark correct answers.

View solution in original post

Aditya Ganjoo · ‎04-05-2016

Hi,

Use the following command on the ASA:

same-security-traffic permit intra-interface

Regards,

Aditya

Please rate helpful posts and mark correct answers.

drbabbers · ‎04-05-2016

Thats great thanks. Is this the same as ticking the box on the ASDM 'Enable traffic between two or more hosts connected to the same interface'?

D

Dinesh Moudgil · ‎04-05-2016

So there are 2 things:

1. Enable traffic between two or more hosts connected to the same interface
2. Enable traffic between two or more interfaces which are configured with same security levels

So the equivalent commands are :
1.same-security-traffic permit intra-interface
2. same-security-traffic permit inter-interface

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Aditya Ganjoo · ‎04-05-2016

Yes you are correct.

Regards,

Aditya

Please rate helpful posts and mark correct answers.