Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
917
Views
0
Helpful
3
Replies

Cisco Pix 525

jeff slansky
Level 1
Level 1

‎03-23-2015 07:54 PM - edited ‎03-11-2019 10:41 PM

Hi,

 

hopefully my question is fairly easy for someone with more knowledge than me. I have a cisco pix 525. it has multiple subnets on different nic cards and currently and I am hoping to only allow one subnet to talk into the others but not vice versa.

 

currently subnet a, and subnet b can talk to each other in both directions. how can I block all traffic from subnet a from getting into subnet b while allowing subnet b to do anything it wants to subnet a?

 

This scenario is setup on internal networks as well as subnets that are full and split tunnel. I would assume it would be identically but if someone could clarify, that would be great.

 

Thanks,

Jeff

 

 

Labels:
0 Helpful
3 Replies 3

Pino11122
Level 1
Level 1

‎03-24-2015 05:38 AM

You can do this by setting the security levels for the interfaces. Interfaces with higher security levels can pass traffic to interfaces with lower security levels but not vice versa unless explicitly defined. Interfaces with the same security level can pass traffic between each other.

0 Helpful

Jerry Paul
Level 1
Level 1

‎03-24-2015 06:51 AM

Hi Jeff,

 

You can do this with inbound ACL. Try using this.

You can restrict one subnet with that.

 

 

Get Free Pre-Sales Technical Support and purchase Networking Hardware Equipment at lowest prices with fast shipment at www.thenetworkhardware.com

 

0 Helpful

jeff slansky
Level 1
Level 1
In response to Jerry Paul

‎04-05-2015 05:34 AM

hi,

 

thanks for your replies. sorry I have been very busy lately.

I am aware of the security levels on the interfaces. they are currently set to 0 on the outside interface, 50 on the lab interface and 100 on the internal interface.

The problem I am having really is using doing hairpinned vpn access. full tunnel has access to the the internal network when connecting to the lab.

You had mentioned to use an ACL. yes. I have tried this blocking tcp and udp. When I try and block stuff, it bricks access to the network for all remote users(me). What specifically is the command you would use to lock it down.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card