Which of the following commands should you issue to allow communication between different ASA interfaces that share the same security level? (Select the best answer.)
- same-security-traffic permit inter-interface
- same-security-traffic permit intra-interface
- security-level 0
- security-level 100
- established
Explanation:
You should issue the same-security-traffic permit inter-interface command on a Cisco Adaptive Security Appliance (ASA) to allow communication between different interfaces that share the same security level. By default, interfaces with the same security level are not allowed to communicate with each other.
You should not issue the same-security-traffic permit intra-interface command to allow communication between different interfaces that share the same security level. You should issue the same-security-traffic permit intra-interface command to allow a packet to exit an ASA through the same interface through which it entered, which is also known as hairpinning. By default, an ASA does not allow packets to enter and exit through the same physical interface. However, because multiple logical virtual LANs (VLANs) can be assigned to the same physical interface, it is sometimes necessary to allow a packet to enter and exit through the same interface. The same-security-traffic permit intra-interface command allows packets to be sent and received on the same interface even if the traffic is protected by IP Security (IPsec) security policies. Another scenario in which you would need to use the same-security-traffic permit intra-interface command is when multiple users connect via virtual private network (VPN) through the same physical interface. These users will not be able to communicate with one another unless the same-security-traffic permit intra-interface command has been issued from global configuration mode.
You should not issue either the security-level 0 command or the security-level 100 command to allow communication between different interfaces that share the same security level. The security-level command is used to set the security level on a physical interface. Security level 0 should be used to achieve the lowest security level possible, whereas security level 100 should be used to achieve the highest security level available.
You should not issue the established command to allow communication between different interfaces that share the same security level. The established command is used to allow inbound traffic on any interface to a host that has already established an outbound connection through the ASA. For example, you could issue the established tcp 4567 0 command to configure the ASA to allow an external host to initiate a connection through the ASA to an internal host after the internal host has first established a Transmission Control Protocol (TCP) connection to port 4567 on the external host. The established command is often used to support protocols, such as streaming media protocols, that negotiate the ports for return traffic.