
Pix515 (7.0(2)) - Allow access between same security level ints.

Hi,

We have multiple subints with the same security level, and we want to allow certain traffic between only two of them (so I cannot enable "same-security-traffic permit inter-interface").

I currently have the following:

interface Ethernet1.806
 vlan 806
 nameif DFLAN
 security-level 50
 ip address 172.16.4.1 255.255.255.0

interface Ethernet1.808
 vlan 808
 nameif ISELL_WEB
 security-level 50
 ip address 172.16.6.1 255.255.255.0

The "actual" networks for each interface are (the Pix connects to a router, which then connects to the two networks):

192.168.1.0/24 (DFLAN)
192.168.102.0/24 (ISELL_WEB)

route DFLAN 192.168.1.0 255.255.255.0 172.16.4.2 1
route ISELL_WEB 192.168.102.0 255.255.255.0 172.16.6.2 1

static (DFLAN,ISELL_WEB) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (ISELL_WEB,DFLAN) 192.168.102.0 192.168.102.0 netmask 255.255.255.0

It currently does not work. Is there anything additional that I must do to allow communications between the two networks? (ACLs?)

2 REPLIES

Re: Pix515 (7.0(2)) - Allow access between same security level i

Hi, you need same-security-traffic permit inter-interface; otherwise you can't communicate. You can control the traffic by adding entries to the access list applied to the respective interfaces, but again you need to enable same-security flow first.

I hope it helps .. please rate it if it does !!!
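
The approach described in the reply above, written out as an added example that is not part of the original thread: enable the global command, then use inbound ACLs so that only DFLAN and ISELL_WEB can reach each other. The ACL names, the object-group OTHER_SEC50_NETS and the 192.0.2.0/24 entry are placeholders for the networks behind the other security-level 50 subinterfaces, which the thread does not list.

```cisco
! Added example. ACL names, OTHER_SEC50_NETS and 192.0.2.0/24 are placeholders.
! Global switch: opens traffic between ALL same-security-level interfaces.
same-security-traffic permit inter-interface
!
! Networks behind the other security-level 50 subinterfaces (placeholder entry;
! list every such network here).
object-group network OTHER_SEC50_NETS
 network-object 192.0.2.0 255.255.255.0
!
! Inbound on DFLAN: permit ISELL_WEB, deny the remaining level-50 networks.
access-list DFLAN_in extended permit ip 192.168.1.0 255.255.255.0 192.168.102.0 255.255.255.0
access-list DFLAN_in extended deny ip any object-group OTHER_SEC50_NETS
! An interface ACL replaces the implicit permit towards lower-security
! interfaces, so existing outbound access must be restated. "any" also matches
! higher-security destinations: narrow it to what DFLAN actually needs.
access-list DFLAN_in extended permit ip 192.168.1.0 255.255.255.0 any
access-group DFLAN_in in interface DFLAN
!
! Inbound on ISELL_WEB: the mirror image.
access-list ISELL_WEB_in extended permit ip 192.168.102.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list ISELL_WEB_in extended deny ip any object-group OTHER_SEC50_NETS
access-list ISELL_WEB_in extended permit ip 192.168.102.0 255.255.255.0 any
access-group ISELL_WEB_in in interface ISELL_WEB
!
! Every other level-50 subinterface needs its own inbound ACL denying the
! level-50 networks (including 192.168.1.0/24 and 192.168.102.0/24); without
! one, the global command lets those interfaces reach each other as well.
```

Return traffic for permitted connections is handled by the firewall's stateful inspection, so the ACLs only need to describe who may initiate.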


Re: Pix515 (7.0(2)) - Allow access between same security level i

Hmm - So there's no other way to allow two ints with the same security level to communicate without enabling "same-security-traffic permit inter-interface" - Be nice if you enable it on a per-int level, rather than globally.
