Sunday 9 February 2014

ASA inter interface and intra interface traffic

Interfaces with a higher security level can pass traffic to interfaces with a lower security level by default, but what if two interfaces sit on the same security level? By default this is not permitted. Even if you define access-lists to permit the traffic, it is still denied.

Inter-interface traffic

Inter-interface communication allows traffic between different interfaces that share the same security level.

ciscoasa(config)# same-security-traffic permit inter-interface
 
 
Intra-interface traffic

Intra-interface permits traffic that comes in on an interface to be routed back out the same interface. This is denied by default. An example of this is hair-pinning; hub-and-spoke VPN topologies rely on it.

ciscoasa(config)# same-security-traffic permit intra-interface
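Both commands above in context, as an added configuration example that is not from the original post: two DMZ segments at the same security level, the inter-interface and intra-interface permits, and an interface ACL that still filters the flow afterwards. Interface names, security levels and addresses are constructed for illustration.

```cisco
! Two DMZ segments at the same security level (names/addresses are constructed)
interface GigabitEthernet0/2
 nameif dmz-web
 security-level 50
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif dmz-db
 security-level 50
 ip address 10.10.2.1 255.255.255.0
!
! Without this line, dmz-web <-> dmz-db traffic is dropped even when an
! access-list permits it (same security level, inter-interface).
same-security-traffic permit inter-interface
!
! Hair-pinning: a flow that enters "outside" (e.g. from a VPN spoke) may be
! sent back out "outside" toward another spoke (intra-interface).
same-security-traffic permit intra-interface
!
! Enabling same-security traffic does not bypass interface ACLs; the
! access-group still decides what is allowed. Here only SQL from the web
! segment to the DB segment is permitted, everything else is denied and logged.
access-list dmz-web-in extended permit tcp 10.10.1.0 255.255.255.0 10.10.2.0 255.255.255.0 eq 1433
access-list dmz-web-in extended deny ip any any log
access-group dmz-web-in in interface dmz-web
```

To confirm the setting is active use `show running-config same-security-traffic`, and to check a specific flow end to end (including the ACL) run `packet-tracer input dmz-web tcp 10.10.1.10 12345 10.10.2.10 1433` from exec mode; the output states whether the packet is allowed or which phase drops it.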
 
 
Redundant interface

A redundant interface pairs an active and a standby physical interface. Whichever member interface comes first in the configuration is the active interface.
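An added example (not from the original post) of a redundant interface with two member interfaces; the interface numbers, name and address are constructed. Member interfaces must carry no configuration of their own (no nameif, security-level or IP address) before they are added, and the first member listed is the one that becomes active.

```cisco
! GigabitEthernet0/0 is listed first, so it is the active member;
! GigabitEthernet0/1 stays in standby until the active link fails.
interface Redundant1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
```

`show interface Redundant1` lists the member interfaces and which one is currently active; `redundant-interface Redundant1 active-member GigabitEthernet0/1` (exec mode) forces a switch to the other member, which is useful for verifying that failover actually works before relying on it.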
