关于ASA的same-security-traffic命令

转载 2007年09月23日 22:23:00

 关于ASA的same-security-traffic命令

 


To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode. To disable the same-security traffic, use the no form of this command.

same-security-traffic permit {inter-interface | intra-interface}
no same-security-traffic permit {inter-interface | intra-interface}

语法解释:
inter-interface
Permits communication between different interfaces that have the same security level.

intra-interface
Permits communication in and out of the same interface.

默认值:
This command is disabled by default.

命令历史:
7.2(1) This command was introduced.

使用指南:
Allowing communication between same security interfaces (enabled by the same-security-traffic inter-interface command) provides the following benefits:
? You can configure more than 101 communicating interfaces. If you use different levels for each interface, you can configure only one interface per level (0 to 100).
? You can allow traffic to flow freely between all same security interfaces without access lists.

The same-security-traffic intra-interface command lets traffic enter and exit the same interface, which is normally not allowed. This feature might be useful for VPN traffic that enters an interface, but is then routed out the same interface. The VPN traffic might be unencrypted in this case, or it might be reencrypted for another VPN connection. For example, if you have a hub and spoke VPN network, where the security appliance is the hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.
 
 

Fixing the security exception : "class /"" + packageName + "/" does not match trust level of other classes in the same package"

mixed code, trust level, JNLP, security, JWS
  • nomad2
  • nomad2
  • 2011年01月15日 22:26
  • 4166

ASA配置命令

要想配置思科的防火墙得先了解这些命令:   常用命令有:nameif、interface、ip address、nat、global、route、static等。   global   指定公网...

ASA负载均衡配置命令

  • 2013年11月14日 16:35
  • 3KB
  • 下载

Linux下vi编辑器常用命令(转自http://net.zdnet.com.cn/network_security_zone/2008/0519/869835.shtml)

一.简介   vi是unix世界中最通用的全屏编辑器,Linux中是用的是vi的加强版vim,vim同vi完全兼容,vi就是"visual interface"的缩写。它可以执行输出、删除、查找、替换...

ipsec+ssl+acs+asa5520配置命令

  • 2010年12月14日 17:54
  • 6KB
  • 下载

Copying Clients Within the Same System

  • 2008年11月21日 12:39
  • 221KB
  • 下载

思科 CISCO ASA web接口不能访问

今天同事搞cisco的ASA防火墙,配置ASDM,没有搞定。于是,向我求救,好吧那我来看看。 检查http配置 先看了下http配置,已经进行了配置,没有问题。 ciscoasa(con...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章: 关于ASA的same-security-traffic命令
举报原因:
原因补充:

(最多只允许输入30个字)