Does same-security-traffic require an access-list?
Posted on 2008-10-22
I have my ASA configured with one 'outside' interface and three 'inside' interfaces, at security-level 0 and 100, respectively. The in1/2/3->outside traffic can pass without an explicit access-list. Outside->in1/2/3 traffic needs both an access-list and relevant statics. This is as expected.
However, if I need one of the inside interfaces to talk to another, I either need to change the security-levels, or use same-security-traffic permit. If I do the latter, which security model applies (i.e. will I have to explicitly permit the relevant in1->in2 traffic via access-list)?