
Same Security Level on PIX

douglashui
Level 1

Dear all,

I have a PIX with 5 Ethernet interfaces and the version is 7.0.

When I use no security level on the interface, the security level changes to 0. Can I configure all the interfaces with security level 0?

If I configure all interfaces to security level 0, I cannot telnet to the PIX via any interface. Is there any solution?

Thanks.

C.K.

2 Replies

ph0enix
Level 1

Telnet is not allowed on interfaces with security level 0. You can configure ssh on those interfaces instead. Older versions of PIX didn't allow for two interfaces to be set to the same level - if I recall that's a new feature in PIX7 - it's there in case you have two internal segments that need to talk to each other. 0 is normally used on the outside interface. It doesn't make sense to set all int's to 0, if you ask me. Can you explain what you're trying to accomplish?

Fernando_Meza
Level 7

Telnet is not allowed to the lowest security interface UNLESS you are connecting over an IPsec tunnel. Otherwise you need to configure ssh.

crypto key generate rsa modulus 1024

write mem

ssh <subnet> 255.255.255.0 inside

where subnet is the subnet(s) located behind the inside interface. You can put as many ssh instructions as you need pointing to the respective interface ..

You can get communication between interfaces of the same security level by entering the below command.

same-security-traffic permit inter-interface

I hope it helps .. please rate it if it does !!!
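The two points made in the replies above can be checked against a saved configuration. The following is an added example, not part of either reply and not Cisco tooling: a small Python audit that flags telnet rules bound to the lowest-security interface and interfaces sharing a level without `same-security-traffic permit inter-interface`. The sample configuration, its interface names and addresses are constructed, and the function name `audit` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed PIX 7.x-style sample; interface names and addresses are made up.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 0
telnet 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
"""

def audit(config):
    """Return findings for the two issues discussed in the replies."""
    levels, mgmt, name, same_sec = {}, defaultdict(set), None, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None                       # start of a new interface block
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.fullmatch(r"(telnet|ssh) \S+ \S+ (\S+)", line):
            mgmt[m.group(1)].add(m.group(2))  # rule form: proto network mask ifname
        elif line == "same-security-traffic permit inter-interface":
            same_sec = True
    findings = []
    lowest = min(levels.values(), default=None)
    # A telnet rule on the lowest-security interface is refused outside IPsec.
    for ifname in sorted(mgmt["telnet"]):
        if ifname in levels and levels[ifname] == lowest:
            fix = "ssh rule present" if ifname in mgmt["ssh"] else "add an ssh rule"
            findings.append(f"telnet on lowest-security interface {ifname}: {fix}")
    # Interfaces sharing a level need the global command to talk to each other.
    by_level = defaultdict(list)
    for ifname, lvl in levels.items():
        by_level[lvl].append(ifname)
    for lvl, names in sorted(by_level.items()):
        if len(names) > 1 and not same_sec:
            findings.append(f"level {lvl} shared by {', '.join(sorted(names))}: "
                            "same-security-traffic permit inter-interface missing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```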
