PIX 6.3 communication between two interface with same security level

terry-tai
Level 1

I have one PIX 515 with version 6.3. I found that traffic cannot go through between two interfaces with the same security level (the output of show nameif):

nameif ethernet3 dmz_3 security20

nameif ethernet4 dmz_4 security20

Can anyone help?

If I change one interface's security level, will it have any impact?

Accepted Solution

Oops,

Apologies for the late reply .. I was off-line for a few days .. yes, that change should be OK. Just make sure that any access-list applied to the DMZ_3 and DMZ_4 interfaces allows the respective traffic. You might also need to add a static translation if you want traffic initiated from DMZ_4 to reach DMZ_3, i.e.

static (DMZ_3,DMZ_4) 172.22.110.0 172.22.110.0 netmask 255.255.255.240

I hope it helps .. please rate it if it does !!!

6 Replies

Fernando_Meza
Level 7

Hi .. yes, you are correct, the 6.X version does not support it but code 7.X does.

By changing the security priority it might definitely impact the configuration .. please post the config without passwords .. etc. to have a look at, and please let us know which is the zone you would like to change the security level of.

Thanks for your reply.

I have six interfaces; the security levels are as below:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz_1 security25

nameif ethernet3 dmz_3 security20

nameif ethernet4 dmz_4 security20

nameif ethernet5 dmz_5 security25

Then, as per my plan, traffic should be able to communicate between dmz3 and dmz4, so I would like to change dmz4's security level to 15. I think this change will not affect the other zones (inside, dmz1, dmz5) communicating with dmz4, since their security levels are higher than dmz4's.

P.S. The ACLs of dmz3 and dmz4 are all any any.

But will this change affect the current traffic that exists in the PIX? (I have two PIXes with failover.)

Please find the configuration file in the attachment.

I had done this change before your reply; so far so good. Anyway, many thanks for your kind help :):)

7.2.2 is still a better one
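An added example, not part of the original thread: a small audit of `show nameif` output that lists interface pairs sharing a security level (which cannot exchange traffic on PIX 6.x, as discussed above) and tells which direction between two interfaces needs a static translation plus a permitting access-list. The function names are hypothetical and the sample input is constructed from the lines quoted in the thread.

```python
import re
from itertools import combinations

# Constructed sample: the `show nameif` lines quoted in the thread.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz_1 security25
nameif ethernet3 dmz_3 security20
nameif ethernet4 dmz_4 security20
nameif ethernet5 dmz_5 security25
"""

NAMEIF = re.compile(r"^\s*nameif\s+(\S+)\s+(\S+)\s+security(\d+)\s*$", re.I)


def parse_nameif(text):
    """Return {interface_name: security_level} from PIX 6.x nameif lines."""
    levels = {}
    for line in text.splitlines():
        m = NAMEIF.match(line)
        if m:
            levels[m.group(2)] = int(m.group(3))
    return levels


def same_level_pairs(levels):
    """Interface pairs that cannot exchange traffic on PIX 6.x."""
    return sorted(
        tuple(sorted((a, b)))
        for a, b in combinations(levels, 2)
        if levels[a] == levels[b]
    )


def needs_static(levels, src, dst):
    """True when src is the lower-security side, so connections it initiates
    toward dst need a static translation plus a permitting access-list."""
    if levels[src] == levels[dst]:
        raise ValueError(f"{src} and {dst} share level {levels[src]}: blocked on 6.x")
    return levels[src] < levels[dst]


if __name__ == "__main__":
    lv = parse_nameif(SAMPLE)
    print("blocked pairs:", same_level_pairs(lv))
    lv["dmz_4"] = 15  # the change proposed in the thread
    print("blocked after change:", same_level_pairs(lv))
    print("dmz_4 -> dmz_3 needs static:", needs_static(lv, "dmz_4", "dmz_3"))
```

On the posted interface list this also reports dmz_1 and dmz_5, which share level 25 and are subject to the same 6.x restriction.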
