Link to home
Avatar of beckredder
beckredder

asked on

security levels and Vlans

We have a number of Vlans with different security levels.  When all the Vlans are set with the same security level on our ASA 5545, the Vlans can communicate.

When i change the Vlans to different security levels, they cannot communicate.  

Is there a command i can use to enable this?
ASKER CERTIFIED SOLUTION
Avatar of Jan Bacher
Jan Bacher
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of beckredder
beckredder

ASKER

without any rules other than the implicit deny for interfaces accessing higher from lower shouldn't hosts in the higher vlan be able to access hosts in the lower vlan?

I add a rule between the two hosts allowing access from the lower to the higher and I then can ping both ways.  Remove the rule and I cannot ping.

How do I configure it so that only the higher vlan is able to ping the lower vlan?

Its like ICMP traffic isn't allowed to make the round trip without the rule in place.
oh gosh, yes, I had that backwards.  what does packet-tracer show?

packet-tracer input ZONE PROTO ORIGIN_IP 65535 DEST_IP DEST_PORT

i.e.,

packet-tracer input inside tcp 172.16.31.43 65535 192.168.1.34 eq 1433 detail
I've requested that this question be deleted for the following reason:

wrong question