Poland
GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com
Sweden
Drottninggatan 86
111 36 Stockholm
+46 762 041 514
info@grandmetric.com
UK
Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com
US Region
Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com
Technology: Network Security
Area: Firewalls
Vendor: Cisco
Software: 8.X, 9.X
Platform: Cisco ASA
Sometimes you cannot decide which interface should be higher or lower and you give two or more interfaces the same Security level. So how the rule number 1 applies? Traffic between equal security level interfaces is by default denied but you can change this behavior.
To change this, use command:
ASA#configure terminal
ASA(config)#same-security-traffic permit inter-interface
Above commands applies to traffic passing more than one interface (from on to another). What if you have traffic hairpining the same interface? The example could be VPN traffic with no split tunneling. All VPN users traffic which is vpn-encrypted bounces the outside interface and returns back to Internet unencrypted. This is intra-interface traffic and such scenario has to be allowed by intra command:
ASA#configure terminal
ASA(config)#same-security-traffic permit intra-interface