route between interfaces in ASA 5505

I have an ASA 5505 with a VLAN attached to interface E0/1 and a different VLAN attached to interface E0/2. Like so,

interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 3
!
interface Vlan1
 nameif DMZ
 security-level 100
 ip address 66.192.1.1 255.255.255.192
!
interface Vlan3
 nameif Clean
 security-level 100
 ip address 66.192.1.65 255.255.255.192
!
My understanding was that these VLANs would route all traffic between them by default, if they had identical security levels, and would I would need to limit that, but I get no traffic between them.  Even though traffic to the outside interface and Internet works fine from either VLAN.  Not sure where to look for this.  Anyone had a need to do this and have some ideas?  Thanks
SIDESHOWBLAHAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ITHDCommented:
By default traffic are not permitted between identical security levels. Try this:

same-security-traffic permit inter-interface
access-list DMZ extended permit ip 66.192.1.0 255.255.255.192 any
access-list Clean extended permit ip 66.192.1.64 255.255.255.192 any
0
SIDESHOWBLAHAuthor Commented:
Thanks for note.  That does not seem to have changed anything , at least that I can see.  One thing I did notice looking at this over teh weekend was that there is a NAT statement for each inside VLAN, which if removed my access to the Internet stops working.  I am not using any private IPs, so not sure why I would need to NAT anything.  
If I look at the access-list log after attempting to pass traffic between these 2 VLANs, I do not see anything being logged.  So it almost like nothing is being routed, but I cannot see why.
0
Benjamin Van DitmarsCommented:
You need to have the nat rules from one to the other interface so the ASA knows how to handle it's traffic. also you need to set the option under the interfaces page "enable traffic between two or more interface ......"

then you also need access rules that allow's the traffic

i just test this and on my asa it's working
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.