PIX 6.3(5) VLAN to VLAN traffic

Unanswered Question
Sep 21st, 2009

Having issues passing traffic from one VLAN to the other VLAN through the PIX515e. I can access the Internet through both VLANs but cannot access one VLAN from the other. Would appreciate some more eyes than just mine.


I have read the 6.3 docs. I also searched through this forum before posting. I am thinking this should be just like a DMZ setup since one VLAN has a lower security number than the other, due to version of code.


Obviously I am missing something. Thanks in advance for any help.



tony_8528 Tue, 09/22/2009 - 04:34

None of the 3 VLANs can talk to the other VLANs. I can put a PC on any of the VLANs and PING the firewall, which is set as the gateway. However, no traffic will pass between any of the VLANs.


andrew.prince@m... Tue, 09/22/2009 - 04:36

I see from your post - you have a restricted license, I suggest you look into the limitations on physical & logical interfaces for your platform.

tony_8528 Tue, 09/22/2009 - 04:37

Limitations are 3 physical and 5 logical. I am within the limitations.

tony_8528 Tue, 09/22/2009 - 06:38

PINGs go no further than the VLAN interface on which they are received.


PING from PC 172.16.1.10 to PC 172.17.1.10 hits 172.16.1.1 and stops.


I can, however, get out to the Internet from both VLANs with no problem. I cannot get from VLAN to VLAN. I believe my access-lists are correct, but still no traffic is being passed.



tony_8528 Tue, 09/22/2009 - 07:01

Sorry, I was not clear. I ran a "debug packet" on all three interfaces while running the PING test.


The debugs showed the PINGs hitting the VLAN interface and stopping.

tony_8528 Thu, 09/24/2009 - 08:27

I have not abandoned this, but it may be tomorrow before I can get back to it. Thanks for your effort and help.


