Monitoring Interfaces, ASA 5505 Example – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 8 Completing Interface Configuration (Routed Mode)

Monitoring Interfaces

If you enable same security interface communication, you can still configure interfaces at different
security levels as usual.

Information About Intra-Interface Communication

Intra-interface communication might be useful for VPN traffic that enters an interface, but is then routed
out the same interface. The VPN traffic might be unencrypted in this case, or it might be reencrypted for
another VPN connection. For example, if you have a hub and spoke VPN network, where the ASA is the
hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic
must go into the ASA and then out again to the other spoke.

Note

All traffic allowed by this feature is still subject to firewall rules. Be careful not to create an asymmetric
routing situation that can cause return traffic not to traverse the ASA.
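
The following Python audit is an added example, not part of the Cisco guide. It reads a saved running configuration, reports whether the two same-security-traffic permit options (inter-interface and intra-interface) are enabled, and lists the interfaces that share a security level and are therefore affected by the inter-interface setting. The sample configuration, its interface names, and the function name audit_same_security are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not from the manual); the interface
# names, nameif values and security levels are illustrative assumptions.
SAMPLE_CONFIG = """\
interface Vlan10
 nameif outside
 security-level 0
!
interface Vlan20
 nameif dmz1
 security-level 50
!
interface Vlan30
 nameif dmz2
 security-level 50
!
same-security-traffic permit intra-interface
"""

PERMIT_RE = r"same-security-traffic permit (inter|intra)-interface"

def audit_same_security(config):
    """Report same-security-traffic settings and interfaces sharing a level."""
    levels = defaultdict(list)   # security level -> [nameif, ...]
    permits = set()              # subset of {"inter", "intra"}
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            nameif = None        # new interface block, no name seen yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and nameif:
            levels[int(m.group(1))].append(nameif)
        elif m := re.fullmatch(PERMIT_RE, line):
            permits.add(m.group(1))
    return {
        "inter_interface": "inter" in permits,
        "intra_interface": "intra" in permits,
        # Interfaces that can reach each other only if inter-interface is on
        "same_level_groups": {l: n for l, n in levels.items() if len(n) > 1},
    }

if __name__ == "__main__":
    print(audit_same_security(SAMPLE_CONFIG))
```

Any group listed under same_level_groups is worth reviewing before inter-interface communication is enabled, since the firewall rules on those interfaces then become the only control between them.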

Detailed Steps

Command                                        Purpose
same-security-traffic permit inter-interface   Enables interfaces on the same security level so that they can communicate with each other.
same-security-traffic permit intra-interface   Enables communication between hosts connected to the same interface.

Monitoring Interfaces

To monitor interfaces, enter one of the following commands:

Command                   Purpose
show interface            Displays interface statistics.
show interface ip brief   Displays interface IP addresses and status.

Configuration Examples for Interfaces in Routed Mode

This section includes the following topics:

ASA 5505 Example, page 8-16

ASA 5505 Example

The following example configures three VLAN interfaces for the Base license. The third home interface
cannot forward traffic to the business interface.

hostname(config)# interface vlan 100
