Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
407
Views
0
Helpful
5
Replies

2 interfaces with the same securtity level

sbohannan
Level 1
Level 1

‎03-21-2008 11:14 AM - edited ‎03-03-2019 09:13 PM

I have 2 subnets that i have setup on 2 interfaces. the 1st subnet (Company A) has internet access. the 2nd subnet (Company B) has no internet access or access to company A, from a computer on the on company b's subnet i am able to ping the firewall but traffic does not go any farther.

Thank you for any help givin.

Shane

Labels:
0 Helpful
5 Replies 5

Manoj Wadhwa
Level 1
Level 1

‎03-21-2008 12:32 PM

Hi Shane,

In Pix FW, if you have 2 interfaces with same security levels, they won't communicate with each other. You need to define a different security level for the two interfaces. Thanks!

Best Regards,

Manoj

0 Helpful

sbohannan
Level 1
Level 1
In response to Manoj Wadhwa

‎03-21-2008 12:38 PM

it is my understanding that the 2 security interfaces should allow traffic across them. if i lower company B's security i will have to add an access list rule to allow communications between the 2 interfaces.

0 Helpful

Manoj Wadhwa
Level 1
Level 1
In response to sbohannan

‎03-21-2008 12:42 PM

Interfaces with equal security levels do not allow traffic between them. Yes, you will have to reduce the security level of one of the interfaces and add ACL to allow the communications between them.

0 Helpful

legerity1_2
Level 1
Level 1
In response to sbohannan

‎03-21-2008 12:46 PM

Depends on the platform/code rev. The ASA can pass traffic through same-security interfaces by entering the "same-security-traffic permit" command.

Here's the command for the ASA, rev 7.2:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1289167

HTH

Geoff

0 Helpful

sbohannan
Level 1
Level 1
In response to legerity1_2

‎03-21-2008 01:04 PM

geoff,

I found this command on the internet while waiting for a reply on my post and entered it but i still do not get any traffic to Company A's interface or to my outside interface (security level 0)

Also as a side note i have ran the packet tracer on company b's interface and i have an acl that is stopping traffic, i have an implicit rule source and destination both are set to any, and the action is set to deny.

Shane

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card