PIX 6.3(5) VLAN to VLAN traffic

Unanswered Question
Sep 21st, 2009
User Badges:

Having issues passing traffic from one VLAN to the other VLAN through the PIX515e. I can access Internet through both VLANs but can not access one VLAN fro the other. Would appreciate some more eyes than just mine.

I have read the 6.3 docs. I also searched through this forum before posting. I am thinking this should be just like a DMZ setup since one VLAN has a lower security number than the other, due to version of code.

Obviously I am missing something. Thanks in advance for any help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tony_8528 Tue, 09/22/2009 - 04:34
User Badges:

None of the 3 VLANs can talk to the other VLANs. I can put a PC on any of the VLANs and PING the firewall, which is set as the gateway. However, no traffic will pass between any of the VLANs.

tony_8528 Tue, 09/22/2009 - 04:37
User Badges:

Limitations are 3 physical and 5 logical. I am within the limitations.

tony_8528 Tue, 09/22/2009 - 06:38
User Badges:

PINGs go no further than the VLAN interface on which they are received.

PING from PC to PC hits and stops.

I can however get out to the Internet from both VLANs with no problem. I can not get from VLAN to VLAN. I believe my access-lists are correct, but still no traffic is being passed.

tony_8528 Tue, 09/22/2009 - 07:01
User Badges:

Sorry, I was not clear. I ran a "debug packet" on all three interfaces while running the PING test.

The debugs showed the PINGs hitting the VLAN interface and stopping.


This Discussion