Re: How is the security level works in the VLAN interface??
Always remember that the PIX does not open up holes for returning ICMP traffic like it does with TCP/UDP, so testing connectivity with pings is fraught with danger.
To make the PIX inspect ICMP packets and open up holes for the replies, add the command:
fixup inspect icmp
into your config, you will probably find you can then ping through it.
Note that you can ping outside hosts because you have the following configured:
access-list acl_out permit icmp any any
access-group acl_out in interface outside
which allows the ICMP replies back in the outside interface, even though they haven't been inspected. If you add the above command you can actually remove this access-list and still be able to ping outside.
Oh, and for the record, security levels for logical interfaces work exactly the same way as they do for physical interfaces. Your config seems correct; I think the cause of your problem is just that you're not inspecting ICMP.
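An added example, not part of the original reply and not PIX code: a simplified Python model of the behaviour described above, comparing no ICMP handling, the broad `permit icmp any any` ACL on the outside interface, and ICMP inspection. The `Firewall` class, interface names (including `dmz_vlan`) and addresses are hypothetical; NAT and other protocols are not modelled.

```python
from dataclasses import dataclass, field

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

@dataclass
class Firewall:
    levels: dict                     # interface -> security level (hypothetical names)
    inspect_icmp: bool = False       # models ICMP inspection being enabled
    icmp_acl_in: set = field(default_factory=set)  # interfaces with "permit icmp any any" inbound
    pending: set = field(default_factory=set)      # tracked echo requests

    def forward(self, in_if, out_if, src, dst, icmp_type, ident, seq):
        """Return True if the ICMP packet is passed from in_if to out_if."""
        # A reply that matches a tracked request is passed once, then the state is dropped.
        state = (dst, src, ident, seq)
        if icmp_type == ECHO_REPLY and state in self.pending:
            self.pending.discard(state)
            return True
        # Otherwise: higher -> lower security is allowed, lower -> higher needs an ACL.
        allowed = self.levels[in_if] > self.levels[out_if] or in_if in self.icmp_acl_in
        if allowed and self.inspect_icmp and icmp_type == ECHO_REQUEST:
            self.pending.add((src, dst, ident, seq))
        return allowed

def ping(fw, near_if, far_if, src, dst, ident=1, seq=1):
    """Send an echo request near->far and its reply far->near; return (request_ok, reply_ok)."""
    req = fw.forward(near_if, far_if, src, dst, ECHO_REQUEST, ident, seq)
    rep = req and fw.forward(far_if, near_if, dst, src, ECHO_REPLY, ident, seq)
    return req, rep

LEVELS = {"inside": 100, "dmz_vlan": 50, "outside": 0}   # constructed sample
IN, DMZ, OUT = "10.0.0.5", "10.0.50.5", "192.0.2.9"      # constructed addresses

def compare():
    """Run the same pings under three configurations."""
    out = {}
    for name, kw in (("default", {}),
                     ("acl", {"icmp_acl_in": {"outside"}}),
                     ("inspect", {"inspect_icmp": True})):
        fw = Firewall(dict(LEVELS), **kw)
        out[name] = {
            "ping_outside": ping(fw, "inside", "outside", IN, OUT),
            "ping_dmz_vlan": ping(fw, "inside", "dmz_vlan", IN, DMZ),
            "unsolicited_in": fw.forward("outside", "inside", OUT, IN, ECHO_REQUEST, 9, 9),
            "replayed_reply": fw.forward("outside", "inside", OUT, IN, ECHO_REPLY, 1, 1),
        }
    return out

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

In this model the ACL makes pings to the outside work but also admits unsolicited and replayed ICMP from the outside, while inspection passes only the one reply that matches a tracked request, on every interface pair.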