We help IT Professionals succeed at work.

security levels and Vlans

beckredder
beckredder asked
on
104 Views
Last Modified: 2015-03-13
We have a number of Vlans with different security levels.  When all the Vlans are set with the same security level on our ASA 5545, the Vlans can communicate.

When i change the Vlans to different security levels, they cannot communicate.  

Is there a command i can use to enable this?
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2015
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
without any rules other than the implicit deny for interfaces accessing higher from lower shouldn't hosts in the higher vlan be able to access hosts in the lower vlan?

I add a rule between the two hosts allowing access from the lower to the higher and I then can ping both ways.  Remove the rule and I cannot ping.

How do I configure it so that only the higher vlan is able to ping the lower vlan?

Its like ICMP traffic isn't allowed to make the round trip without the rule in place.
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
oh gosh, yes, I had that backwards.  what does packet-tracer show?

packet-tracer input ZONE PROTO ORIGIN_IP 65535 DEST_IP DEST_PORT

i.e.,

packet-tracer input inside tcp 172.16.31.43 65535 192.168.1.34 eq 1433 detail

Author

Commented:
I've requested that this question be deleted for the following reason:

wrong question
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.