This feature is useful for VPN traffic that enters an interface but is then routed out of that same interface. For example, if you have a hub and spoke VPN network, where the security appliance is the hub and remote VPN networks are spokes, in order for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.

Use the same-security-traffic configuration to allow traffic to enter and exit the same interface.

ASA(config)#same-security-traffic permit intra-interface

