Cisco Support Community
New Member

pix515 traffic in problem

Added a new VLAN on one interface, connected a router, and from the PIX I can ping it.

From inside the LAN I try to ping the same remote router and fail. I also fail pinging the VLAN interface.

Ping to the internet is working.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: pix515 traffic in problem

From the LAN you can only ping the inside interface of the PIX. You cannot ping the far side interface. This is by design not allowed.

What code are you running on the PIX? Both security levels are 100, so you need this command:

same-security-traffic permit inter-interface

-KS
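
Added example (not part of the original thread and not Cisco's own code): a Python check that reads a configuration and lists the interface pairs sharing a security level while `same-security-traffic permit inter-interface` is absent, which is the condition diagnosed in the answer above. It assumes PIX/ASA 7.x-style interface blocks; the sample configuration, interface names and VLAN number are constructed.

```python
import re
from itertools import combinations

# Constructed sample (assumed 7.x-style syntax); names and VLAN are made up.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 nameif inside
 security-level 100
!
interface Ethernet2.20
 vlan 20
 nameif new-intf
 security-level 100
!
"""

def parse_interfaces(config):
    """Return {nameif: security-level} for every named interface block."""
    levels, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            name = None  # a non-indented line ends the current interface block
            continue
        m = re.match(r"\s+nameif\s+(\S+)", line)
        if m:
            name = m.group(1)
        m = re.match(r"\s+security-level\s+(\d+)", line)
        if m and name:
            levels[name] = int(m.group(1))
    return levels

def blocked_pairs(config):
    """Equal-level interface pairs that cannot pass traffic to each other."""
    if re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        return []
    levels = parse_interfaces(config)
    return sorted((a, b) for a, b in combinations(sorted(levels), 2)
                  if levels[a] == levels[b])

if __name__ == "__main__":
    for a, b in blocked_pairs(SAMPLE_CONFIG):
        print(f"{a} <-> {b}: same security level, inter-interface traffic not permitted")
```

The command is global, so it applies to every pair the check reports, not only the one being debugged; review the full list before enabling it.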

4 REPLIES
Cisco Employee

Re: pix515 traffic in problem

Please let us know clearly what the topology is. What exactly works and what breaks?

inside n/w---PIX---new-interface--router

1. from the PIX you can ping the router

2. from the inside n/w you cannot ping the router?

What is the name of the new interface? What is the security level for that? ----> dmz ?

What is the name of the inside interface and security level for that? -----------> inside ?

If the inside has a higher security level than the newly created interface, then you need this:

static (inside,dmz) x.x.x.x x.x.x.x netmask 255.255.255.0

where x.x.x.x is the inside network.

-KS

New Member

Re: pix515 traffic in problem

lan--inside intf--pix--new intf--router1--router2

pix can ping router2

lan fail to ping new intf, router1 & router2

new-intf security-level 100 -> E2 (one of few sub-intf on this vlan)

inside intf security-level 100 ->E1

route new-intf router2_ip 255.255.255.0 router1_ip

New Member

Re: pix515 traffic in problem

Worked like a charm. Thanks!
