Same Security Level on PIX

Dear all,

I have a PIX with 5 Ethernet interfaces and the version is 7.0.

When I use no security level on the interface, the security level changes to 0. Can I configure all the interfaces with security level 0?

If I configure all interfaces to security level 0, I cannot telnet to the PIX via any interface. Is there any solution?

Thanks.

C.K.

2 REPLIES

Re: Same Security Level on PIX

Telnet is not allowed on interfaces with security level 0. You can configure ssh on those interfaces instead. Older versions of PIX didn't allow for two interfaces to be set to the same level - if I recall that's a new feature in PIX7 - it's there in case you have two internal segments that need to talk to each other. 0 is normally used on the outside interface. It doesn't make sense to set all int's to 0, if you ask me. Can you explain what you're trying to accomplish?

Re: Same Security Level on PIX

Telnet is not allowed to the lowest security interface UNLESS you are connecting over an IPsec tunnel. Otherwise you need to configure ssh.

crypto key generate rsa modulus 1024

write mem

ssh <subnet> 255.255.255.0 inside

where subnet is the subnet(s) located behind the inside interface. You can put as many ssh instructions as you need, each pointing to the respective interface.

You can get communication between interfaces of the same security level by entering the below command.

same-security-traffic permit inter-interface

I hope it helps. Please rate it if it does!
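The two points made in the replies (telnet refused on the lowest-security interface, and same-level interfaces needing `same-security-traffic permit inter-interface`) can be checked against a saved configuration. The Python below is an added example, not part of the original thread or Cisco code; the function name `audit`, the sample configuration and its addresses are constructed, and the default level (100 for an interface named "inside", otherwise 0) is an assumption about PIX 7.x behaviour that the thread does not state.

```python
import re

# Constructed sample configuration (addresses and names are illustrative).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
interface Ethernet2
 nameif dmz1
 security-level 50
interface Ethernet3
 nameif dmz2
 security-level 50
telnet 192.0.2.0 255.255.255.0 outside
telnet 10.1.1.0 255.255.255.0 inside
ssh 10.1.1.0 255.255.255.0 inside
"""

def audit(config):
    """Return findings for telnet on the lowest-level interface and shared levels."""
    levels, current, mgmt, same_sec = {}, None, [], False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = None
        elif m := re.match(r"nameif (\S+)$", line):
            current = m.group(1)
            # Assumed default when no security-level is set: 100 for "inside", else 0.
            levels[current] = 100 if current == "inside" else 0
        elif (m := re.match(r"security-level (\d+)$", line)) and current:
            levels[current] = int(m.group(1))
        elif m := re.match(r"(telnet|ssh) \S+ \S+ (\S+)$", line):
            mgmt.append((m.group(1), m.group(2)))  # skips "telnet timeout 5" etc.
        elif line == "same-security-traffic permit inter-interface":
            same_sec = True
    findings = []
    lowest = min(levels.values(), default=None)
    for proto, ifname in mgmt:
        if proto == "telnet" and ifname in levels and levels[ifname] == lowest:
            findings.append(f"telnet on lowest-security interface '{ifname}': use ssh")
    by_level = {}
    for name, lvl in levels.items():
        by_level.setdefault(lvl, []).append(name)
    for lvl, names in sorted(by_level.items()):
        if len(names) > 1 and not same_sec:
            findings.append(f"level {lvl} shared by {', '.join(names)}: inter-interface traffic not permitted")
    return findings
```

When every interface is left at level 0, as in the original question, each `telnet` statement is reported, because every interface is then the lowest-security one.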
