December 23, 2024

Cisco ASA – Permitting traffic between two interfaces with the same security level

I had to make some network modifications to an ASA to activate another interface for some storage devices that sit on a separate subnet used for management. The diagram below shows the subnets in question. I needed to configure the two interfaces so that all interesting traffic could pass bi-directionally between them. Here are the commands I used to get this rolling.

[Diagram: the SERVER and STORAGE subnets attached to the ASA]

Even though the SERVER and STORAGE interfaces are both configured with a security level of 100, the default behavior of an ASA is to block communication between them. We can enable communication between two interfaces that share a security level with the following command:

ASA-CLI(config)# same-security-traffic permit inter-interface

Here is where many people get stuck. After this command is added, many are baffled that they still cannot ping or pass traffic between the two interfaces. This is because a static or dynamic translation rule is still required. I added the following two static commands, which translate each subnet to itself (an identity translation), to allow all IP traffic to pass bi-directionally.

ASA-CLI(config)# static (server,storage) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

ASA-CLI(config)# static (storage,server) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

At this point you should be good to go.
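As an added check that is not part of the original post, the script below audits a running-config excerpt for the two settings described above: every pair of interfaces sharing a security level must have same-security-traffic permit inter-interface enabled and an identity static (pre-8.3 syntax, as used in this post) in each direction. The interface names, subnets and sample config are constructed for the example.

```python
# Added audit script, not from the post: checks a pre-8.3 ASA config for the two
# settings the post describes. Interface names and subnets below are assumed.
import re

# Constructed running-config excerpt; the (storage,server) identity static is
# deliberately left out so the audit has something to report.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif server
 security-level 100
interface GigabitEthernet0/2
 nameif storage
 security-level 100
same-security-traffic permit inter-interface
static (server,storage) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
"""
PERMIT = "same-security-traffic permit inter-interface"
STATIC_RE = re.compile(r"^static \(([\w-]+),([\w-]+)\) (\S+) (\S+) netmask ")

def parse_interfaces(config):
    """Return {nameif: security-level} for every named interface."""
    levels, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            name = None  # new interface block, nameif not seen yet
        elif words[:1] == ["nameif"]:
            name = words[1]
        elif words[:1] == ["security-level"] and name:
            levels[name] = int(words[1])
    return levels

def identity_statics(config):
    """Return (real_ifc, mapped_ifc) pairs whose static maps a subnet to itself."""
    matches = (STATIC_RE.match(line) for line in config.splitlines())
    return {(m[1], m[2]) for m in matches if m and m[3] == m[4]}

def audit(config):
    """List why traffic between equal-security interfaces would still be dropped."""
    levels, statics = parse_interfaces(config), identity_statics(config)
    permit, findings = PERMIT in config.splitlines(), []
    names = sorted(levels)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if levels[a] != levels[b]:
                continue
            if not permit:
                findings.append(f"{a}<->{b}: '{PERMIT}' missing")
            for real, mapped in ((a, b), (b, a)):  # one static per direction, as in the post
                if (real, mapped) not in statics:
                    findings.append(f"{a}<->{b}: identity static ({real},{mapped}) missing")
    return findings
```

Run audit() over a copied "show running-config" to get a list of findings; an empty list means both conditions from the post are met for every equal-security pair.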

-Justin Vashisht (3cVguy)
