02-08-2007 07:27 PM - edited 03-11-2019 02:31 AM
I have one PIX 515 with version 6.3. I found that traffic cannot pass between two interfaces with the same security level (output of show nameif):
nameif ethernet3 dmz_3 security20
nameif ethernet4 dmz_4 security20
Can anyone help?
If I change one interface's security, will it have any impact?
02-08-2007 07:39 PM
Hi .. yes, you are correct: version 6.X does not support it, but code 7.X does.
Changing the security priority might definitely impact the configuration .. please post the config without passwords etc. so we can have a look, and please let us know which zone's security level you would like to change.
02-08-2007 07:59 PM
Thanks for your reply.
I have six interfaces; the security levels are as below:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz_1 security25
nameif ethernet3 dmz_3 security20
nameif ethernet4 dmz_4 security20
nameif ethernet5 dmz_5 security25
My plan is for traffic to be able to pass between dmz3 and dmz4, so I would like to change dmz4's security level to 15. I think this change will not affect the other zones (inside, dmz1, dmz5) communicating with dmz4, since their security levels are higher than dmz4's.
P.S. The ACLs of dmz3 and dmz4 are all any any.
But will this change affect the current traffic that exists in the PIX? (I have two PIXes with failover.)
02-08-2007 08:25 PM
02-12-2007 04:26 PM
Oops,
Apologies for the late reply .. I was off-line for a few days .. yes, that change should be OK. Just make sure that any access-list applied to the DMZ_3 and DMZ_4 interfaces allows the respective traffic. You might also need to add a static translation if you want traffic initiated from DMZ_4 to reach DMZ_3, i.e.
static (DMZ_3,DMZ_4) 172.22.110.0 172.22.110.0 netmask 255.255.255.240
I hope it helps .. please rate it if it does !!!
02-21-2007 08:19 PM
I had done this change before your reply; so far so good. Anyway, many thanks for your kind help :):)
02-22-2007 03:43 PM
7.2.2 is still a better one
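An added example, not part of the original thread and not Cisco tooling: a Python sketch that parses the `nameif` lines posted above, lists interface pairs sharing a security level (which, per the reply, 6.X will not pass traffic between), and reports which pairs change relation when one level is changed. All function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample: the nameif lines quoted in this thread.
SHOW_NAMEIF = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz_1 security25
nameif ethernet3 dmz_3 security20
nameif ethernet4 dmz_4 security20
nameif ethernet5 dmz_5 security25
"""

NAMEIF_RE = re.compile(r"^\s*nameif\s+(\S+)\s+(\S+)\s+security(\d+)\s*$")

def parse_nameif(text):
    """Return {interface_name: security_level} from PIX 6.x nameif lines."""
    levels = {}
    for line in text.splitlines():
        m = NAMEIF_RE.match(line)
        if m:
            levels[m.group(2)] = int(m.group(3))
    return levels

def relation(levels, a, b):
    """Security level of a relative to b: 'higher', 'lower' or 'same'."""
    return "higher" if levels[a] > levels[b] else "lower" if levels[a] < levels[b] else "same"

def same_level_pairs(levels):
    """Interface pairs with equal levels (no traffic between them on 6.X, per the thread)."""
    return [(a, b) for a, b in combinations(sorted(levels), 2) if levels[a] == levels[b]]

def impact_of_change(levels, name, new_level):
    """Map each other interface to (before, after) where its relation to `name` changes."""
    after = {**levels, name: new_level}
    changed = {}
    for other in sorted(levels):
        if other == name:
            continue
        before_rel, after_rel = relation(levels, name, other), relation(after, name, other)
        if before_rel != after_rel:
            changed[other] = (before_rel, after_rel)
    return changed

if __name__ == "__main__":
    lv = parse_nameif(SHOW_NAMEIF)
    print("same-level pairs:", same_level_pairs(lv))
    print("dmz_4 -> 15 changes:", impact_of_change(lv, "dmz_4", 15))
```

On the posted levels it also reports dmz_1 and dmz_5 as a second same-level pair (both security25).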