Cisco ASA – Permitting traffic between two interfaces with the same security level
Even though the SERVER and STORAGE interfaces are both configured with security level 100, the default behavior of an ASA is to block communication between two interfaces at the same security level. We can enable it with the following command (note that it applies to every pair of same-security-level interfaces on the firewall, not only these two):
ASA-CLI (config) # same-security-traffic permit inter-interface
Here is where many people get stuck. After this command is added, many people are baffled that they still cannot ping or pass traffic. The reason is that, in the pre-8.3 NAT model, a static or dynamic translation rule is still required: when nat-control is enabled, or when the source interface already carries a nat statement that does not cover this destination, the ASA drops packets that match no translation and logs %ASA-3-305005 ("No translation group found"). I added the following two identity static translations, which map each subnet to itself, to allow all IP traffic to be initiated from either side:
ASA-CLI (config) # static (server,storage) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
ASA-CLI (config) # static (storage,server) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
At this point you should be good to go.
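Below is an added, complete configuration for the scenario above, with the verification steps a practitioner would run; it is example configuration written for this page, not the original post's config. The interface names (GigabitEthernet0/1 and 0/2), the ASA's own addresses (.1 in each subnet) and the use of NFS (tcp/2049) as the protocol the servers need are assumptions; the subnets and the three commands in the post are unchanged.

```text
! Added example: full pre-8.3 ASA configuration for the SERVER/STORAGE scenario.
! Assumptions (not from the post): interface names GigabitEthernet0/1 and
! GigabitEthernet0/2, the ASA's own addresses .1 in each subnet, and NFS
! (tcp/2049) as the protocol the servers need to reach on the storage side.
!
interface GigabitEthernet0/1
 nameif server
 security-level 100
 ip address 192.168.0.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 nameif storage
 security-level 100
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
! Step 1: lift the default block between interfaces of equal security level.
! This is global: it applies to every same-level pair on the box.
same-security-traffic permit inter-interface
!
! Step 2: identity static translations (real address == mapped address) so that,
! under nat-control or alongside existing nat statements, packets from either
! side match a translation instead of being dropped with %ASA-3-305005.
static (server,storage) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
static (storage,server) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
!
! Step 3 (recommended): do not leave "permit everything" between the segments.
! An inbound ACL on the server interface restricts what servers may start toward
! storage. Applying an access-group replaces the implicit same-security permit
! with an implicit deny for traffic entering that interface, so list everything
! the servers legitimately need.
access-list SERVER_TO_STORAGE extended permit tcp 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 2049
access-list SERVER_TO_STORAGE extended permit icmp 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 echo
access-group SERVER_TO_STORAGE in interface server
!
! Verification (exec mode). packet-tracer walks the whole path and names the
! phase (NAT, ACCESS-LIST, ...) that drops the packet when something is missing;
! show xlate confirms the identity translations once traffic has flowed.
packet-tracer input server icmp 192.168.0.10 8 0 192.168.2.10
packet-tracer input server tcp 192.168.0.10 40000 192.168.2.10 2049
show xlate
show logging | include 305005
```

If packet-tracer reports a drop in the NAT phase, the static translations are missing or do not cover the addresses being tested; a drop in the ACCESS-LIST phase means the ACL (or the implicit deny it brought with it) is the problem. On ASA 8.3 and later the static (real,mapped) form no longer exists and a translation is no longer required for traffic to pass, so there only the same-security-traffic command and your access lists apply.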
-Justin Vashisht (3cVguy)