Cisco ASA – Allow traffic between two same security level interfaces

This is just a quick one,

A customer of mine has two companies running in the same building, using the same ISP connection, so the firewall is essentially the core of the network. I put in this network and, although it's not exactly best practice, it's a case of making do with what they had and could afford.

Today he logged a support ticket stating he couldn't connect between two different internal subnets any more (192.168.x.x and 172.16.x.x).

The fix for this was entering the command:

same-security-traffic permit inter-interface

By default the ASA drops traffic between interfaces that share the same security level. This command allows such interfaces to send traffic to one another, but it only lifts that default block; you still need access rules to permit the traffic as well!
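Added example configuration (not the author's own config) showing how the command fits alongside the interface security levels and the access rules that are still required. Interface names, subnets, the server address and the permitted ports are assumed for illustration.

```cisco
! Added example (not the author's config): two internal segments on one ASA,
! both at security-level 50, so traffic between them is blocked by default.
interface GigabitEthernet0/1
 nameif companyA
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif companyB
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
! Permit traffic between interfaces that share the same security level.
same-security-traffic permit inter-interface
!
! The command above only removes the same-security block; the interface ACL
! still decides what is allowed. Keep it narrow: here companyA may reach a
! single companyB host (assumed 172.16.1.10) on HTTPS and DNS only, anything
! else toward companyB is denied and logged, and the rest (Internet) is open.
access-list companyA_in extended permit tcp 192.168.1.0 255.255.255.0 host 172.16.1.10 eq 443
access-list companyA_in extended permit udp 192.168.1.0 255.255.255.0 host 172.16.1.10 eq 53
access-list companyA_in extended deny ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0 log
access-list companyA_in extended permit ip 192.168.1.0 255.255.255.0 any
access-group companyA_in in interface companyA
!
! companyB is not allowed to initiate anything toward companyA; replies to
! companyA's connections are handled by the stateful inspection.
access-list companyB_in extended deny ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 log
access-list companyB_in extended permit ip 172.16.1.0 255.255.255.0 any
access-group companyB_in in interface companyB
!
! Verification from enable mode:
! show running-config same-security-traffic
! packet-tracer input companyA tcp 192.168.1.20 12345 172.16.1.10 443
```

The packet-tracer line should end with an ALLOW result for the permitted flow; repeating it with a port that is not in the ACL should show the drop at the ACCESS-LIST phase, which confirms the rules rather than the same-security command are now in control.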
