Cisco Support Community
New Member

PIX 6.3 communication between two interface with same security level

I have one PIX 515 with version 6.3. I found that traffic cannot go through between two interfaces with the same security level (the output of show nameif):

nameif ethernet3 dmz_3 security20

nameif ethernet4 dmz_4 security20

Can anyone help?

If I change one interface's security, does it have any impact?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX 6.3 communication between two interface with same securi

Oops,

Apologies for the late reply .. I was off-line for a few days .. yes, that change should be OK. Just make sure that any access-list applied to the DMZ_3 and DMZ_4 interfaces allows the respective traffic. You might also need to add a static translation if you want traffic initiated from DMZ_4 to reach DMZ_3, i.e.

static (DMZ_3,DMZ_4) 172.22.110.0 172.22.110.0 netmask 255.255.255.240

I hope it helps .. please rate it if it does !!!

6 REPLIES

Re: PIX 6.3 communication between two interface with same securi

Hi .. yes, you are correct, the 6.X version does not support it but code 7.X does.

Changing the security priority might definitely impact the configuration .. please post the config without passwords, etc. to have a look at, and please let us know which is the zone you would like to change the security level of.

New Member

Re: PIX 6.3 communication between two interface with same securi

Thanks for your reply

I have six interfaces; the security levels are as below:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz_1 security25

nameif ethernet3 dmz_3 security20

nameif ethernet4 dmz_4 security20

nameif ethernet5 dmz_5 security25

Then, as my plan is that traffic can communicate between dmz3 and dmz4, I would like to change dmz4's security level to 15. I think this change will not affect the other zones (inside, dmz1, dmz5) communicating with dmz4, since their security levels are higher than dmz4's.

P.S. The ACLs of dmz3 and dmz4 are all any any.

But will this change affect the current traffic that exists in the PIX? (I have two PIXes with failover.)

New Member

Re: PIX 6.3 communication between two interface with same securi

Please find the configuration file in the attachment.


New Member

Re: PIX 6.3 communication between two interface with same securi

I have done this change before your reply, so far so good. Anyway, many thanks for your kind help :):)

New Member

Re: PIX 6.3 communication between two interface with same securi

7.2.2 is still a better one
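
A check of the interface table and the planned change discussed in this thread, as an added example that is not part of any poster's reply: it parses the posted nameif lines, lists interface pairs with equal security levels (which the thread says 6.X does not support), and reports which interfaces' higher/lower/equal relation to dmz_4 changes if it is set to 15. The function names are hypothetical.

```python
import re
from itertools import combinations

# The six nameif lines posted in the thread (PIX 6.3 syntax).
NAMEIF = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz_1 security25
nameif ethernet3 dmz_3 security20
nameif ethernet4 dmz_4 security20
nameif ethernet5 dmz_5 security25
"""

LINE = re.compile(r"^nameif[ \t]+\S+[ \t]+(\S+)[ \t]+security(\d+)[ \t]*$", re.M)

def parse_nameif(text):
    """Return {interface_name: security_level} from 'nameif' config lines."""
    levels = {}
    for m in LINE.finditer(text):
        level = int(m.group(2))
        if not 0 <= level <= 100:  # PIX security levels run from 0 to 100
            raise ValueError(f"security level out of range: {m.group(0)}")
        levels[m.group(1)] = level
    return levels

def same_level_pairs(levels):
    """Interface pairs whose security levels are equal."""
    return sorted(tuple(sorted(p)) for p in combinations(levels, 2)
                  if levels[p[0]] == levels[p[1]])

def relation(levels, a, b):
    """'higher', 'lower' or 'equal': level of a relative to level of b."""
    d = levels[a] - levels[b]
    return "higher" if d > 0 else "lower" if d < 0 else "equal"

def impact_of_change(levels, name, new_level):
    """Interfaces whose relation to `name` differs after the level change."""
    after = dict(levels, **{name: new_level})
    return {other: (relation(levels, name, other), relation(after, name, other))
            for other in levels
            if other != name
            and relation(levels, name, other) != relation(after, name, other)}

if __name__ == "__main__":
    lv = parse_nameif(NAMEIF)
    print("equal-level pairs:", same_level_pairs(lv))
    for other, (old, new) in impact_of_change(lv, "dmz_4", 15).items():
        print(f"dmz_4 relative to {other}: {old} -> {new}")
```

On the posted table, only the dmz_4/dmz_3 relation changes with the move to 15; dmz_1 and dmz_5 also share a level (25) and remain an equal-level pair.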
