Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
10
Replies

PIX 6.3(5) VLAN to VLAN traffic

tony_8528
Level 1
Level 1

‎09-21-2009 11:25 AM - edited ‎03-11-2019 09:18 AM

Having issues passing traffic from one VLAN to the other VLAN through the PIX515e. I can access Internet through both VLANs but can not access one VLAN fro the other. Would appreciate some more eyes than just mine.

I have read the 6.3 docs. I also searched through this forum before posting. I am thinking this should be just like a DMZ setup since one VLAN has a lower security number than the other, due to version of code.

Obviously I am missing something. Thanks in advance for any help.

Labels:
Preview file
5 KB
0 Helpful
10 Replies 10

andrew.prince
Level 10
Level 10

‎09-22-2009 03:28 AM

Which vlan cannot communicate with which vlan?

0 Helpful

tony_8528
Level 1
Level 1
In response to andrew.prince

‎09-22-2009 04:34 AM

None of the 3 VLANs can talk to the other VLANs. I can put a PC on any of the VLANs and PING the firewall, which is set as the gateway. However, no traffic will pass between any of the VLANs.

0 Helpful

andrew.prince
Level 10
Level 10
In response to tony_8528

‎09-22-2009 04:36 AM

I see from your post - you have a restricted license, I suggest you look into the limitations on physical & logical interfaces for your platform.

0 Helpful

tony_8528
Level 1
Level 1
In response to andrew.prince

‎09-22-2009 04:37 AM

Limitations are 3 physical and 5 logical. I am within the limitations.

0 Helpful

andrew.prince
Level 10
Level 10
In response to tony_8528

‎09-22-2009 04:44 AM

what do you debugs & logs tell you when you try to connect from one vlan to another?

0 Helpful

tony_8528
Level 1
Level 1
In response to andrew.prince

‎09-22-2009 06:38 AM

PINGs go no further than the VLAN interface on which they are received.

PING from PC 172.16.1.10 to PC 172.17.1.10 hits 172.16.1.1 and stops.

I can however get out to the Internet from both VLANs with no problem. I can not get from VLAN to VLAN. I believe my access-lists are correct, but still no traffic is being passed.

0 Helpful

andrew.prince
Level 10
Level 10
In response to tony_8528

‎09-22-2009 06:40 AM

what do your logs say - they will likely indicate the issue

0 Helpful

tony_8528
Level 1
Level 1
In response to andrew.prince

‎09-22-2009 07:01 AM

Sorry, I was not clear. I ran a "debug packet" on all three interfaces while running the PING test.

The debugs showed the PINGs hitting the VLAN interface and stopping.

0 Helpful

andrew.prince
Level 10
Level 10
In response to tony_8528

‎09-22-2009 07:05 AM

Can you post the debug output?

0 Helpful

tony_8528
Level 1
Level 1
In response to andrew.prince

‎09-24-2009 08:27 AM

I have not abandoned this, but it may be tomorrow before I can get back to it. Thanks for you effort and help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card