Even though the PIX is not a true router, with version 6.3 of the OS the PIX supports VLANs, and you can assign IP addresses to each VLAN configured. Does the PIX truly route between these VLANs?
When logical VLAN interfaces are created, a security value is also assigned (between 0 and 100) to that VLAN. When communication occurs from one VLAN (with security 50) to another VLAN (with security 40) or the inside physical interface (with security 0), do we have to configure an access-list and apply it to the higher security interface to permit the packets to pass through?
I am trying to use the PIX as the default gateway for devices. I have one VLAN configured on the inside interface with security 90. An IP address has been configured on the VLAN as well as on the inside interface. I can ping devices in either VLAN from the PIX, but cannot ping from device to device.
I tried configuring an access-list which permits ping packets and applied it inbound on the VLAN interface. Still the ping is not working. Any ideas?
(Note that there are no default gateway issues on the devices. Also, each device can ping its respective default gateway, that is, the IP addresses configured on the PIX.)
What you're trying to do will work; however, keep in mind that all the associated problems with any router-on-a-stick configuration will apply :-)
You will need access-lists to allow lower security interfaces to access higher security interfaces just as if they were physical interfaces, and you will likewise need to set up NAT translations to allow the traffic to pass between interfaces. From what you have written, I suspect a check of your PIX logs will show a lot of translation failed messages.
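A configuration sketch of what the reply describes, added here as an example and not taken from either poster's device. It assumes PIX OS 6.3 syntax; the interface name `vlan20net`, the ACL name `acl_vlan20`, VLAN 20 and the 10.1.x.x addressing are constructed for illustration.

```text
: Constructed addressing: inside = 10.1.10.0/24, VLAN 20 = 10.1.20.0/24
interface ethernet1 auto
interface ethernet1 vlan20 logical
nameif ethernet1 inside security100
nameif vlan20 vlan20net security90
ip address inside 10.1.10.1 255.255.255.0
ip address vlan20net 10.1.20.1 255.255.255.0

: Identity static: inside hosts appear on the VLAN with their own addresses.
: Without a translation rule the PIX drops the traffic even if an ACL permits it.
static (inside,vlan20net) 10.1.10.0 10.1.10.0 netmask 255.255.255.0

: Lower-security to higher-security traffic needs an explicit permit.
: echo       = pings started from the VLAN side
: echo-reply = answers to pings started from the inside side
access-list acl_vlan20 permit icmp 10.1.20.0 255.255.255.0 10.1.10.0 255.255.255.0 echo
access-list acl_vlan20 permit icmp 10.1.20.0 255.255.255.0 10.1.10.0 255.255.255.0 echo-reply
access-group acl_vlan20 in interface vlan20net
```

After applying it, `show xlate` should list the static translation and `show access-list` should show the hit counters on `acl_vlan20` increasing as the pings pass.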