two inside interfaces talking to one another?

Unanswered Question
May 22nd, 2008

I am trying to get 2 inside interfaces on a PIX 515E to talk to one another. (These networks need to have any-any type connectivity to each other)

I know on 7.X all you should have to do is create them with the same security level and do a:

same-security-traffic permit inter-interface

However, I am running 6.3 and can't upgrade to 7.X due to memory.

Here is what I have

ETH0 Outside interface (nat pool) security level 0 (X.X.X.X - Outside/Internet)

ETH1 Inside interface security level 100 ( (Inside space 1)

ETH1 Inside2 interface (VLAN3) security level 99 ( (Inside space 2)

I can get the inside (192.168.5.X) to talk to inside2 (192.168.6.X) by doing a

access-list inside_outbound_nat0_acl permit ip

nat (inside) 0 access-list inside_outbound_nat0_acl

But I can't for the life of me get inside2 (192.168.6.X) to talk to inside (192.168.5.X)



Try the below

static (Inside2,Inside) netmask


access-list inside2_outbound_nat0_acl permit ip

nat (inside2) 0 access-list inside2_outbound_nat0_acl

And of course - as Inside2 will have a lower security level - make sure you are allowing traffic from Inside2 to Inside via an ACL.


davistw Tue, 05/27/2008 - 10:44

Thanks for the pointer...

What I ended up doing was:

access-list inside2_vlan3_access_in permit ip

access-group inside2_vlan3_access_in in interface inside2_vlan3

static (inside,inside2_vlan3) netmask

access-list inside2_vlan3_access_in permit ip any
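
The approach from this thread, consolidated as an added example (not the posters' own configuration). The addresses are missing from the posts above, so the /24 masks on the 192.168.5.X and 192.168.6.X networks are assumptions, and the permits are written per subnet rather than as a blanket permit.

```cisco
! Constructed example for PIX 6.3.
! Assumed: inside        = 192.168.5.0/24, security level 100
!          inside2_vlan3 = 192.168.6.0/24, security level 99

! Higher -> lower (inside to inside2_vlan3): exempt the traffic from NAT
! so it is not translated to the outside pool.
access-list inside_outbound_nat0_acl permit ip 192.168.5.0 255.255.255.0 192.168.6.0 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl

! Lower -> higher (inside2_vlan3 to inside) needs two things on 6.3:
! 1. A translation that presents the inside network on inside2_vlan3.
!    Mapping the network to itself keeps the real addresses.
static (inside,inside2_vlan3) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

! 2. An ACL bound inbound on the lower-security interface.
access-list inside2_vlan3_access_in permit ip 192.168.6.0 255.255.255.0 192.168.5.0 255.255.255.0

! An access-group ends in an implicit deny, so once the ACL is bound,
! everything else sourced from inside2_vlan3 is dropped unless it is
! permitted here too. This line keeps the source limited to the
! inside2_vlan3 subnet instead of permitting any source.
access-list inside2_vlan3_access_in permit ip 192.168.6.0 255.255.255.0 any

access-group inside2_vlan3_access_in in interface inside2_vlan3

! Rebuild translations after changing nat/static, then check hit counts.
clear xlate
show access-list inside2_vlan3_access_in
```

If inside2_vlan3 should reach only specific hosts or ports on inside, narrow the first permit on inside2_vlan3_access_in and place a deny for the rest of 192.168.5.0 ahead of the subnet-to-any line.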

