New Member

Intra-interface traffic

Hi,

I have a customer which has a PIX 6.x.

We added an internal network behind another router.

Clients have the PIX as DG, and we wish not to change it.

We've added routing info on the PIX and set the PIX as DG of the additional router.

We know that by default the PIX does not route on the same interface and that on PIX 7.x the command

same-security-traffic permit intra-interface

can be used to solve the issue.

I'd like to know if it would work on PIX 6.x as well or if we have to update it.

Thanks

Stefano

4 REPLIES

Re: Intra-interface traffic

Stefano,

The PIX will not act as a router; it will not accept traffic from an interface and route it back out of the same interface.

HTH

New Member

Re: Intra-interface traffic

Hi Andrew

I found this doc which seems related to my environment

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

Re: Intra-interface traffic

Yes - my error, I did not read in your original post that the other IP subnet was behind another router - my mistake.

Re-reading your post again, no, the option for inter-interface communication is not available on code 6.3(x); you need to upgrade to either 7.x or 8.x for that functionality.

Sorry for the confusion.

Cisco Employee

Re: Intra-interface traffic

As the other poster mentioned, this is not possible on Pix 6. Even in Pix 7/8 with "same-security-traffic permit intra-interface" you still need to make sure that the return traffic is also routed through the Pix, so you'll need to do some fancy NAT.

You mentioned that "Clients have the pix as DG, and we wish not to change it". Do you mean that you want the traffic to be firewalled (in that case, consider adding an interface to the Pix) or that you do not want to re-configure all the clients? In the latter case, you could simply swap the IP addresses of the router and the Pix?
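
One way the NAT mentioned in the reply above can look on PIX 7.x, added here as an illustration and not taken from any poster or from the linked Cisco document. All addresses are constructed, and the NAT ID 1 is an assumption that may clash with an existing outbound NAT rule.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   clients       192.168.1.0/24, default gateway = PIX inside 192.168.1.1
!   extra router  192.168.1.2 on the same segment
!   new network   192.168.2.0/24 behind that router
!
! Allow traffic to enter and leave through the same interface (PIX 7.x and later).
same-security-traffic permit intra-interface
!
! Reach the new network through the router on the inside segment.
route inside 192.168.2.0 255.255.255.0 192.168.1.2
!
! Hairpin PAT: client traffic that leaves again through inside is translated
! to the PIX inside address, so the router sends replies back to the PIX
! instead of delivering them directly to the client.
nat (inside) 1 192.168.1.0 255.255.255.0
global (inside) 1 interface
```

This covers connections initiated by the clients. Without the translation the router delivers replies straight to the client, the PIX sees only one direction of the flow, and its stateful inspection drops the connection.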
