Cisco ASA 5505 Configuration Manual page 259


Chapter 8
Configuring Interfaces
Step 2
Select an interface, and click Edit.
The Edit Interface dialog box appears with the General tab selected.
Step 3
Click the IPv6 tab.
Step 4
(Optional) To enforce the use of Modified EUI-64 format interface identifiers in IPv6 addresses on a local link, check the Enforce EUI-64 check box.
If the interface identifiers do not conform to the modified EUI-64 format, an error message appears. See the "Information About Modified EUI-64 Interface IDs" section on page 8-28 for more information.
Step 5
To set the link-local address, enter an address in the Link-local address field.
A link-local address should start with FE8, FE9, FEA, or FEB, for example fe80::20d:88ff:feee:6a82. See the "IPv6 Addresses" section on page A-5 for more information about IPv6 addressing.
Step 6
Click OK.

Allowing Same Security Level Communication
By default, interfaces on the same security level cannot communicate with each other, and packets cannot enter and exit the same interface. This section describes how to enable inter-interface communication when interfaces are on the same security level, and how to enable intra-interface communication.

Information About Inter-Interface Communication
Allowing interfaces on the same security level to communicate with each other provides the following benefits:
• You can configure more than 101 communicating interfaces.
  If you use different levels for each interface and do not assign any interfaces to the same security level, you can configure only one interface per level (0 to 100).
• You want traffic to flow freely between all same security interfaces without access lists.
If you enable same security interface communication, you can still configure interfaces at different security levels as usual.

Information About Intra-Interface Communication
Intra-interface communication might be useful for VPN traffic that enters an interface, but is then routed out the same interface. The VPN traffic might be unencrypted in this case, or it might be reencrypted for another VPN connection. For example, if you have a hub and spoke VPN network, where the security appliance is the hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.

Note
All traffic allowed by this feature is still subject to firewall rules. Be careful not to create an asymmetric routing situation that can cause return traffic not to traverse the adaptive security appliance.

Restrictions
This feature is only available in routed firewall mode.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 8-31
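The Enforce EUI-64 option and the link-local address rule in the IPv6 steps above can be checked offline before an address is entered. The following Python sketch is an added example, not code from Cisco or from this guide: it derives the modified EUI-64 interface ID from a MAC address as defined in RFC 4291, Appendix A, and tests an address against the fe80::/10 range (first digits FE8, FE9, FEA or FEB). The function names, the MAC address (the one implied by the guide's example address) and the comparison against a sender MAC are assumptions of this example.

```python
import ipaddress

# fe80::/10 covers every address whose first hex digits are FE8, FE9, FEA or FEB.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def mac_to_modified_eui64(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC (RFC 4291, Appendix A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Invert the universal/local bit of the first octet, then insert FF:FE
    # between the OUI and the device-specific half.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """fe80::/64 address whose interface ID is the modified EUI-64 of the MAC."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_modified_eui64(mac))


def check_address(addr: str, mac: str) -> list:
    """Return the problems found; an empty list means the address passes."""
    ip = ipaddress.IPv6Address(addr)
    problems = []
    if ip not in LINK_LOCAL:
        problems.append("not a link-local address (outside fe80::/10)")
    iid = ip.packed[8:]  # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":
        problems.append("interface ID lacks the FF:FE marker of modified EUI-64")
    elif iid != mac_to_modified_eui64(mac):
        # Assumption of this example: the ID is compared with the sender's MAC.
        problems.append("interface ID does not match the sender's MAC address")
    return problems


if __name__ == "__main__":
    # Constructed sample data; the MAC is the one implied by the guide's example.
    mac = "00:0d:88:ee:6a:82"
    print("derived:", link_local_from_mac(mac))
    for addr in ("fe80::20d:88ff:feee:6a82", "fe80::1",
                 "fec0::20d:88ff:feee:6a82", "fe80::20d:88ff:feee:6a83"):
        print(addr, "->", check_address(addr, mac) or "ok")
```

An address such as fec0::20d:88ff:feee:6a82 carries a valid modified EUI-64 identifier but fails the prefix test, which is why the two checks are reported separately.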


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
