security levels and Vlans

We have a number of Vlans with different security levels. When all the Vlans are set with the same security level on our ASA 5545, the Vlans can communicate.

When i change the Vlans to different security levels, they cannot communicate.

Is there a command i can use to enable this?

Switches / HubsCisco

Last Comment

beckredder

8/22/2022 - Mon

ASKER CERTIFIED SOLUTION

Jan Bacher

12/11/2014

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

GET A PERSONALIZED SOLUTION

Ask your own question & get feedback from real experts

Find out why thousands trust the EE community with their toughest problems.

beckredder

12/11/2014

ASKER

without any rules other than the implicit deny for interfaces accessing higher from lower shouldn't hosts in the higher vlan be able to access hosts in the lower vlan?

I add a rule between the two hosts allowing access from the lower to the higher and I then can ping both ways. Remove the rule and I cannot ping.

How do I configure it so that only the higher vlan is able to ping the lower vlan?

Its like ICMP traffic isn't allowed to make the round trip without the rule in place.

Jan Bacher

12/11/2014

oh gosh, yes, I had that backwards. what does packet-tracer show?

packet-tracer input ZONE PROTO ORIGIN_IP 65535 DEST_IP DEST_PORT

i.e.,

packet-tracer input inside tcp 172.16.31.43 65535 192.168.1.34 eq 1433 detail

beckredder

3/13/2015

ASKER

I've requested that this question be deleted for the following reason:

wrong question

Your help has saved me hundreds of hours of internet surfing.

Certified Expert Program

Credly Partnership

Udemy Partnership