03-21-2008 11:14 AM - edited 03-03-2019 09:13 PM
I have 2 subnets that I have set up on 2 interfaces. The 1st subnet (Company A) has internet access. The 2nd subnet (Company B) has no internet access or access to Company A. From a computer on Company B's subnet I am able to ping the firewall, but traffic does not go any farther.
Thank you for any help given.
Shane
03-21-2008 12:32 PM
Hi Shane,
In PIX FW, if you have 2 interfaces with the same security levels, they won't communicate with each other. You need to define a different security level for the two interfaces. Thanks!
Best Regards,
Manoj
03-21-2008 12:38 PM
It is my understanding that the 2 security interfaces should allow traffic across them. If I lower Company B's security I will have to add an access list rule to allow communications between the 2 interfaces.
03-21-2008 12:42 PM
Interfaces with equal security levels do not allow traffic between them. Yes, you will have to reduce the security level of one of the interfaces and add an ACL to allow the communications between them.
03-21-2008 12:46 PM
Depends on the platform/code rev. The ASA can pass traffic through same-security interfaces by entering the "same-security-traffic permit" command.
Here's the command for the ASA, rev 7.2:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1289167
HTH
Geoff
03-21-2008 01:04 PM
Geoff,
I found this command on the internet while waiting for a reply on my post and entered it, but I still do not get any traffic to Company A's interface or to my outside interface (security level 0).
Also, as a side note, I have run the packet tracer on Company B's interface and I have an ACL that is stopping traffic. I have an implicit rule: source and destination are both set to any, and the action is set to deny.
Shane
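The settings discussed in this thread, put together as an added example that is not part of the original posts: an ASA 7.2-style fragment with both interfaces at the same security level, the `same-security-traffic` command, and an explicit permit placed ahead of the implicit deny that packet tracer reported. Interface IDs, interface names, addresses and the ACL name are assumptions chosen for illustration.

```cisco
! --- Constructed example: names and addresses are placeholders ---
interface Ethernet0/1
 nameif companyA
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
 nameif companyB
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
! Without this, traffic between two interfaces that share a
! security level is dropped regardless of ACLs.
same-security-traffic permit inter-interface
!
! Once an ACL is bound inbound on an interface, it decides what
! enters there, and every ACL ends in an implicit "deny ip any any".
! Permit only what Company B actually needs; list specific hosts and
! ports toward Company A rather than the whole subnet where possible.
access-list companyB_in extended permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.50 eq 443
access-list companyB_in extended permit icmp 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 echo
! Internet-bound traffic from Company B (tighten as required).
access-list companyB_in extended permit tcp 192.168.20.0 255.255.255.0 any eq 80
access-list companyB_in extended permit tcp 192.168.20.0 255.255.255.0 any eq 443
access-group companyB_in in interface companyB
!
! NAT toward the outside interface is not shown here; the thread
! does not cover it, but private addresses need it to reach the
! internet.
!
! --- Verification (exec mode, not configuration) ---
! Re-run packet tracer and check which phase drops the packet:
!   packet-tracer input companyB icmp 192.168.20.10 8 0 192.168.10.10 detailed
! Check which ACL lines are matching (hit counts):
!   show access-list companyB_in
! Confirm the same-security command is in the running config:
!   show running-config same-security-traffic
```

If packet tracer still reports the drop in the ACCESS-LIST phase on the implicit rule, the tested flow does not match any permit line above it.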