Using Interfaces with same security levels on Cisco ASA

Most Cisco ASA firewall models allow a maximum number of VLANs greater than 100 (e.g. 150, 200 or 250, depending on model and license). Each VLAN subinterface on the ASA is essentially a separate security zone with its own security level. As we know, security levels range from 0 to 100, i.e. there are 101 possible values. One obvious question arises: how can we have, let's say, 150 VLANs on the firewall when there are only 101 possible security levels?

The answer is simple: the same security level number can be assigned to more than one interface or subinterface (security zone). This allows the firewall to have more than 101 interfaces and, with one extra command, to pass traffic between them.

By default, interfaces with the same security level cannot communicate with each other: the ASA drops traffic between them. To allow traffic to flow between interfaces with the same security level, use the following command:

ASA(config)# same-security-traffic permit inter-interface

The command also has a second form:
ASA(config)# same-security-traffic permit intra-interface

This second form allows traffic to enter and exit the same interface (often called hairpinning or U-turn traffic), which by default is not allowed. It is useful in networks where the ASA acts as the hub in a hub-and-spoke VPN topology, where spokes need to communicate with each other through the hub. Neither form bypasses access lists: if an access list is applied to an interface, it is still evaluated for same-security and intra-interface traffic. Once inter-interface traffic is permitted, traffic between equal-level interfaces is allowed in both directions unless an access list on the ingress interface restricts it, so the access list is what enforces segmentation between those zones.
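The following configuration, added here as a worked example and not taken from the original post, puts two DMZ subinterfaces at the same security level, enables both forms of the command, and then uses an access list so that the equal-level zones are not left wide open. Interface names, VLAN IDs, subnets and the TCP/1433 service are assumptions chosen for illustration.

```cisco
! Added example (not from the original post). Two subinterfaces on one
! physical port, both at security level 50. Names and addressing are assumed.
interface GigabitEthernet0/1.10
 vlan 10
 nameif dmz-web
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif dmz-db
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
! Without the next line a host in VLAN 10 cannot reach VLAN 20, even though
! both zones are level 50: the ASA drops same-security traffic by default.
same-security-traffic permit inter-interface
!
! Hub-and-spoke VPN: a spoke's packets arrive on "outside" and must leave on
! "outside" again to reach the other spoke. That U-turn needs intra-interface.
same-security-traffic permit intra-interface
!
! Access lists are still evaluated. With inter-interface permitted, dmz-web
! could reach dmz-db on any port, so restrict it to the one service needed
! (assumed here to be a database on TCP/1433) and deny everything else.
access-list DMZ_WEB_IN extended permit tcp 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0 eq 1433
access-list DMZ_WEB_IN extended deny ip any any
access-group DMZ_WEB_IN in interface dmz-web
```

To confirm what is active on a running firewall, use `show running-config same-security-traffic`; if the output is empty, neither form is enabled and equal-level interfaces will not pass traffic to each other. Any NAT rules required for the outside-to-outside VPN path are a separate topic and are not shown here.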
