关闭

关于ASA的same-security-traffic命令

1599人阅读 评论(0) 收藏 举报

 关于ASA的same-security-traffic命令

 


To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode. To disable the same-security traffic, use the no form of this command.

same-security-traffic permit {inter-interface | intra-interface}
no same-security-traffic permit {inter-interface | intra-interface}

语法解释:
inter-interface
Permits communication between different interfaces that have the same security level.

intra-interface
Permits communication in and out of the same interface.

默认值:
This command is disabled by default.

命令历史:
7.2(1) This command was introduced.

使用指南:
Allowing communication between same security interfaces (enabled by the same-security-traffic inter-interface command) provides the following benefits:
? You can configure more than 101 communicating interfaces. If you use different levels for each interface, you can configure only one interface per level (0 to 100).
? You can allow traffic to flow freely between all same security interfaces without access lists.

The same-security-traffic intra-interface command lets traffic enter and exit the same interface, which is normally not allowed. This feature might be useful for VPN traffic that enters an interface, but is then routed out the same interface. The VPN traffic might be unencrypted in this case, or it might be reencrypted for another VPN connection. For example, if you have a hub and spoke VPN network, where the security appliance is the hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.
 
 

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:4677次
    • 积分:68
    • 等级:
    • 排名:千里之外
    • 原创:0篇
    • 转载:3篇
    • 译文:0篇
    • 评论:1条
    文章存档
    最新评论