10-10-2006 05:44 PM - edited 03-09-2019 04:28 PM
Hi,
We have multiple subints with the same security level, and we are wanting to allow certain traffic between only two of them (so I cannot enable "same-security-traffic permit inter-interface").
I currently have the following:
interface Ethernet1.806
 vlan 806
 nameif DFLAN
 security-level 50
 ip address 172.16.4.1 255.255.255.0
interface Ethernet1.808
 vlan 808
 nameif ISELL_WEB
 security-level 50
 ip address 172.16.6.1 255.255.255.0
The "actual" networks for each interface are (the Pix connects to a router, which then connects to the two networks):
192.168.1.0/24 (DFLAN)
192.168.102.0/24 (ISELL_WEB)
route DFLAN 192.168.1.0 255.255.255.0 172.16.4.2 1
route ISELL_WEB 192.168.102.0 255.255.255.0 172.16.6.2 1
static (DFLAN,ISELL_WEB) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (ISELL_WEB,DFLAN) 192.168.102.0 192.168.102.0 netmask 255.255.255.0
It currently does not work - is there anything additional that I must do to allow communications between the two networks? (ACLs?)
10-10-2006 06:34 PM
Hi .. you need same-security-traffic permit inter-interface, otherwise you can't communicate. You can control the traffic by adding entries on the access list applied to the respective interfaces, but again you need to enable same security flow first.
I hope it helps .. please rate it if it does !!!
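Added example, not part of the original thread: one way to combine the global command with inbound interface ACLs so that only a chosen flow passes between the two level-50 subinterfaces from the question. The ACL names DFLAN_IN and ISELL_WEB_IN and the permitted service (tcp/443 from DFLAN to ISELL_WEB) are assumptions made for illustration; the interface names and networks are the ones posted above.

```cisco
! Constructed example. ACL names and the tcp/443 flow are assumptions.
!
! Global switch: opens forwarding between ALL interfaces that share a
! security level, not only the two of interest.
same-security-traffic permit inter-interface
!
! DFLAN inbound: allow only the wanted flow toward ISELL_WEB,
! then block everything else addressed to that network.
access-list DFLAN_IN extended permit tcp 192.168.1.0 255.255.255.0 192.168.102.0 255.255.255.0 eq 443
access-list DFLAN_IN extended deny ip any 192.168.102.0 255.255.255.0
! Add one deny line here for the network behind every other level-50
! subinterface, since the global command has opened those paths too.
!
! An applied ACL ends in an implicit deny, which replaces the default
! permit toward lower-security interfaces. Re-permit what DFLAN still
! needs; narrow "any" to real destinations, because this line also
! matches networks behind higher-security interfaces.
access-list DFLAN_IN extended permit ip 192.168.1.0 255.255.255.0 any
access-group DFLAN_IN in interface DFLAN
!
! ISELL_WEB inbound: no new connections toward DFLAN. Replies to the
! DFLAN-initiated tcp/443 sessions are passed by the stateful
! connection table and do not need a permit here.
access-list ISELL_WEB_IN extended deny ip any 192.168.1.0 255.255.255.0
access-list ISELL_WEB_IN extended permit ip 192.168.102.0 255.255.255.0 any
access-group ISELL_WEB_IN in interface ISELL_WEB
```

Every other same-level subinterface needs an equivalent inbound ACL; any interface left without one forwards freely to its same-level peers once the global command is enabled.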
10-10-2006 06:50 PM
Hmm - So there's no other way to allow two ints with the same security level to communicate without enabling "same-security-traffic permit inter-interface" - Be nice if you enable it on a per-int level, rather than globally.