Cisco Support Community
Community Member

Pix Inside Port Problem

I have a PIX515 with inside and outside interfaces, running version 6.0.

The inside interface is having a problem.

Can I have the same functionality of the PIX if the inside port is disabled and the other interfaces are working?

How should I configure the PIX if the inside port is not working?

3 REPLIES
Silver

Re: Pix Inside Port Problem

You should be able to make another physical interface the inside interface. You cannot rename it, or change the inside int's security number from 100, but I am pretty certain you can assign it to a different physical interface.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#1026054

Community Member

Re: Pix Inside Port Problem

Thanks for the response,

but I am not able to go to the above link.

Could you please send me the page to satheesh.kiran@portalplayer.com?

Thanks in advance.

Silver

Re: Pix Inside Port Problem

nameif

Name interfaces and assign security level.

nameif {hardware_id | vlan_id} if_name security_level

clear nameif

show nameif

Syntax Description

hardware_id

The hardware name for the network interface that specifies the interface's slot location on the PIX Firewall motherboard. For more information on PIX Firewall hardware configuration, refer to the Cisco PIX Firewall Hardware Installation Guide.

A logical choice for an Ethernet interface is ethernetn. These names can also be abbreviated with any leading characters in the name, for example, ether1 or e2.

if_name

A name for the internal or external network interface of up to 48 characters in length. By default, PIX Firewall names the inside interface "inside," the outside interface "outside," and any perimeter interface "intfn" where n is 2 through 5.

security_level

Enter 0 for the outside network or 100 for the inside network. Perimeter interfaces can use any number between 1 and 99. By default, PIX Firewall sets the security level for the inside interface to security100 and the outside interface to security0. The first perimeter interface is initially set to security10, the second to security15, the third to security20, and the fourth perimeter interface to security25 (a total of 6 interfaces are permitted, with a total of 4 perimeter interfaces permitted). The word security in this command can also be abbreviated as sec, for example sec10.

For access from a higher security to a lower security level, nat and global commands or static commands must be present. For access from a lower security level to a higher security level, static and access-list commands must be present.

Interfaces with the same security level cannot communicate with each other. We recommend that every interface have a unique security level.

vlan_id

The VLAN identifier. For example: vlan10, vlan20, etc. (vlan_id is configured with the interface command.)

Command Modes

Configuration mode.

Usage Guidelines

The nameif command lets you assign a name to an interface. You can use this command to assign interface names if you have more than two network interface circuit boards in your PIX Firewall. The first two interfaces have the default names inside and outside. The inside interface has a default security level of 100, the outside interface has a default security level of 0. The clear nameif command reverts nameif command statements to default interface names and security levels.

Use nameif hardware_id if_name security_level to set the name of a physical interface and use the nameif vlan_id if_name security_level command to set the name of a logical interface. Physical interfaces are one per each NIC, in place at boot time, and non-removable. Logical interfaces can be many-to-one for each NIC, are created at run time, and can be removed through software reconfiguration.

Usage Notes

1. If you change the hardware_id of the outside interface; for example, from ethernet0 to ethernet1, PIX Firewall changes every reference to the outside interface in your configuration to inside, which can cause problems with route, ip, and other command statements that affect the flow of traffic through the PIX Firewall.

2. After changing a nameif command, use the clear xlate command.

3. The inside interface cannot be renamed or given a different security level. The outside interface can be renamed, but not given a different security level.

4. An interface is always "external" with respect to another interface that has a higher security level.

Examples

The following example shows how to use the nameif hardware_id if_name security_level command:

nameif ethernet2 perimeter1 sec50

nameif ethernet3 perimeter2 sec20

The following example shows how to use the nameif vlan_id if_name security_level command:

nameif vlan10 perimeter3 sec10

The following example is a configuration that uses both physical and VLAN interfaces:

nameif ethernet0 outside security0

nameif ethernet1 intf6 security90

nameif ethernet2 dmz security50

nameif vlan4 intf4 security10

nameif vlan5 intf5 security10

nameif vlan10 intf5 security10
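
An offline check for the nameif rules quoted above, as an added example that is not part of the original posts or of Cisco's documentation: it parses nameif lines from a saved configuration and reports security levels or interface names that break the stated constraints. The function names are assumptions of this example, and the sample input is the mixed physical/VLAN configuration from the post.

```python
import re

# Constructed sample: the mixed physical/VLAN configuration quoted in the post.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 intf6 security90
nameif ethernet2 dmz security50
nameif vlan4 intf4 security10
nameif vlan5 intf5 security10
nameif vlan10 intf5 security10
"""

# "security" may be abbreviated as "sec" (for example sec10).
NAMEIF = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+sec(?:urity)?(\d+)$", re.I)

def parse_nameif(config):
    """Return (hardware_or_vlan_id, if_name, level) for every nameif line."""
    entries = []
    for line in config.splitlines():
        m = NAMEIF.match(line.strip())
        if m:
            entries.append((m.group(1).lower(), m.group(2), int(m.group(3))))
    return entries

def audit_nameif(config):
    """Report nameif lines that break the rules in the command reference."""
    findings, by_level, by_name = [], {}, {}
    for hw, name, level in parse_nameif(config):
        by_level.setdefault(level, []).append(hw)
        by_name.setdefault(name, []).append(hw)
        if name == "inside" and level != 100:
            findings.append(f"{hw}: inside must be security100, got {level}")
        elif name == "outside" and level != 0:
            findings.append(f"{hw}: outside must be security0, got {level}")
        elif name != "inside" and level >= 100:
            findings.append(f"{hw}: security{level} invalid for '{name}' (perimeter is 1-99)")
    for level, hws in by_level.items():
        if len(hws) > 1:  # same-level interfaces cannot communicate
            findings.append(f"security{level} shared by {', '.join(hws)}")
    for name, hws in by_name.items():
        if len(hws) > 1:
            findings.append(f"if_name '{name}' assigned to {', '.join(hws)}")
    return findings

if __name__ == "__main__":
    for finding in audit_nameif(SAMPLE):
        print(finding)
```

Run against a configuration where inside has been moved to another physical interface, it confirms that the name still carries security100 and that no perimeter interface shares a level.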
