Intra-interface traffic


Hi,

I have a customer who has a PIX 6.x.

We added an internal network behind another router.

Clients have the PIX as DG, and we wish not to change it.

We've added routing info on the PIX and set the PIX as DG of the additional router.

We know that by default the PIX does not route on the same interface and that on PIX 7.x the command

same-security-traffic permit intra-interface

can be used to solve the issue.

I'd like to know if it would work on PIX 6.x as well or if we have to update it.



Herbert Baerten Wed, 10/21/2009 - 06:01

As the other poster mentioned, this is not possible on Pix 6. Even in Pix 7/8 with "same-security-traffic permit intra-interface" you still need to make sure that the return traffic is also routed through the Pix, so you'll need to do some fancy NAT.

You mentioned that "Clients have the PIX as DG, and we wish not to change it". Do you mean that you want the traffic to be firewalled (in that case, consider adding an interface to the Pix) or that you do not want to re-configure all the clients? In the latter case, you could simply swap the IP addresses of the router and the Pix?

