关于ASA的same-security-traffic命令

转载 2007年09月23日 22:23:00

 关于ASA的same-security-traffic命令

 


To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode. To disable the same-security traffic, use the no form of this command.

same-security-traffic permit {inter-interface | intra-interface}
no same-security-traffic permit {inter-interface | intra-interface}

语法解释:
inter-interface
Permits communication between different interfaces that have the same security level.

intra-interface
Permits communication in and out of the same interface.

默认值:
This command is disabled by default.

命令历史:
7.2(1) This command was introduced.

使用指南:
Allowing communication between same security interfaces (enabled by the same-security-traffic inter-interface command) provides the following benefits:
? You can configure more than 101 communicating interfaces. If you use different levels for each interface, you can configure only one interface per level (0 to 100).
? You can allow traffic to flow freely between all same security interfaces without access lists.

The same-security-traffic intra-interface command lets traffic enter and exit the same interface, which is normally not allowed. This feature might be useful for VPN traffic that enters an interface, but is then routed out the same interface. The VPN traffic might be unencrypted in this case, or it might be reencrypted for another VPN connection. For example, if you have a hub and spoke VPN network, where the security appliance is the hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.
 
 

相关文章推荐

Fixing the security exception : "class /"" + packageName + "/" does not match trust level of other classes in the same package"

mixed code, trust level, JNLP, security, JWS
  • nomad2
  • nomad2
  • 2011-01-15 22:26
  • 3989

ASA配置命令

要想配置思科的防火墙得先了解这些命令:   常用命令有:nameif、interface、ip address、nat、global、route、static等。   global   指定公网...

Linux下vi编辑器常用命令(转自http://net.zdnet.com.cn/network_security_zone/2008/0519/869835.shtml)

一.简介   vi是unix世界中最通用的全屏编辑器,Linux中是用的是vi的加强版vim,vim同vi完全兼容,vi就是"visual interface"的缩写。它可以执行输出、删除、查找、替换...

ASA负载均衡配置命令

【PB】Sybase Adaptive Server Anywhere (ASA)数据库*.db 密码破解备忘

Adaptive Server Anywhere数据库具有大型数据库的特点,有完善的管理工具支持(Sybase Central)、触发器、存贮过程的支持、用户权限管理等,安装、移植比较方便,它的数据库...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:深度学习:神经网络中的前向传播和反向传播算法推导
举报原因:
原因补充:

(最多只允许输入30个字)