pix515 traffic in problem

Answered Question

I added a new VLAN on one interface and connected a router; from the PIX I can ping it.

From inside the LAN I try to ping the same remote router and fail. I also fail pinging the VLAN interface.

Ping to the Internet is working.

Correct Answer by Kureli Sankar about 6 years 8 months ago

From the lan you can only ping the inside interface of the PIX.  You cannot ping the far side interface.  This is by design not allowed.


What code are you running on the PIX? Both the security levels are 100, so you need this command:


same-security-traffic permit inter-interface


-KS

Overall Rating: 5 (1 ratings)
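
The two rules in the answer above, applied to a configuration as an added example (not part of the original thread). The interface names, VLAN ID and addresses are constructed, and PIX 7.x-style interface syntax is assumed:

```python
import re

# Constructed PIX 7.x-style sample; interface names, VLAN and addresses are assumptions.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Ethernet1.20
 vlan 20
 nameif newvlan
 security-level 100
 ip address 192.168.20.1 255.255.255.0
"""
PERMIT = "same-security-traffic permit inter-interface"

def parse_levels(config):
    """Map each nameif to the security-level set in its interface block."""
    levels, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line closes the block
            name = None
        elif m := re.match(r"\s+nameif\s+(\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s+security-level\s+(\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def check_ping(config, src_if, dst_if, to_pix_address=False):
    """Classify a ping entering on src_if and aimed at or through dst_if."""
    levels = parse_levels(config)
    if to_pix_address:
        # The PIX answers only on the interface the packet arrived on.
        return "arrival interface" if src_if == dst_if else "blocked: far-side interface"
    if levels[src_if] != levels[dst_if]:
        return "different levels: ACL/NAT rules decide"
    has_permit = any(l.strip() == PERMIT for l in config.splitlines())
    return "permitted" if has_permit else "blocked: same security level"

if __name__ == "__main__":
    print(check_ping(SAMPLE_CONFIG, "inside", "newvlan"))
    print(check_ping(SAMPLE_CONFIG + PERMIT + "\n", "inside", "newvlan"))
    print(check_ping(SAMPLE_CONFIG, "inside", "newvlan", to_pix_address=True))
```
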
Kureli Sankar Fri, 08/06/2010 - 12:44

Please let us know clearly what the topology is. What exactly works and what breaks?


inside n/w---PIX---new-interface--router


1. from the PIX you can ping the router

2. from the inside n/w you cannot ping the router?


What is the name of the new interface? What is the security level for that? ----> dmz ?

What is the name of the inside interface and security level for that? -----------> inside ?

If the inside is at a higher security level than the newly created interface, then you need this:


static (inside,dmz) x.x.x.x x.x.x.x netmask 255.255.255.0


where x.x.x.x is the inside network.


-KS
