Wednesday, May 22, 2013

Cisco ASA: "same-security-traffic permit intra-interface" Command In CLI

I probably have posted this before, but I came across it again tonight.  Have you ever needed to get across a site to site VPN from another site to site VPN?  Like this below:
On the ASA, in order for you to get from point 1 to point 3, you have to use the "same-security-traffic permit intra-interface" command in CLI.  That is called "hair-pinning".  Anyway, I hope that explains what this command is going to do for you, in this type of scenario.  

NOTE*  Yeah, I looked back and I've done two other posts in particular dealing with hair-pinning.  The first one was here at this link on June 9, 2011.  The second one, which to me is a much further detail of hair-pinning and an explanation of the NAT statement in 8.3 and later, was on January 8th of this year and you can click on this link to get to it.  Sorry for doing this over again, but since Ive already got it up there, Ill just let it stay. 

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.