New Member

Traffic on logical interface travels on physical interface


I am experiencing a weird problem on my PIX525. I defined a logical interface on one of my physical interfaces (see below):


interface ethernet5 auto

interface ethernet5 vlan201 physical

interface ethernet5 vlan301 logical

nameif ethernet5 xprod1 security89

nameif vlan301 xe2estg1 security49

ip address xprod1

ip address xe2estg1


We have remote VPN users (; using Cisco VPN client) that need to access servers in the segment.

Whenever we performed ICMP echo from the remote users, I noticed that traffic from was actually returning on the interface!

This forced me to add a NAT rule on the interface to allow remote users to ping devices on the segment (see below):


access-list nonatxe2estg1 permit ip

access-list nonatxe2estg1 permit ip

nat (xe2estg1) 0 access-list nonatxe2estg1


Does anyone know why this is happening?

Need help urgently, thank you!!!!!



Re: Traffic on logical interface travels on physical interface

Have you added the command ?

Enables access to an internal management interface on the firewall.

[no] management-access mgmt_if

show management-access

Syntax Description


The name of the firewall interface to be used as the internal management interface.



Command Modes

The management-access mgmt_if command is available in configuration mode.

The show management-access is available in privileged mode.

Usage Guidelines

The management-access mgmt_if command enables you to define an internal management interface using the IP address of the firewall interface specified in mgmt_if. (The firewall interface names are defined by the nameif command and displayed in quotes, " ", in the show interface output.)

In PIX Firewall software Version 6.3, this command is supported for the following through an IPSec VPN tunnel only, and only one management interface can be defined globally:

• SNMP polls to the mgmt_if

• HTTPS requests to the mgmt_if

• PDM access to the mgmt_if

• Telnet access to the mgmt_if

• SSH access to the mgmt_if

• Ping to the mgmt_if

The show management-access command displays the firewall management access configuration.


The following example shows how to configure a firewall interface named "inside" as the management access interface:

pixfirewall(config)# management-access inside

pixfirewall(config)# show management-access

management-access inside




New Member

Re: Traffic on logical interface travels on physical interface

Umm...doesn't sound related to my question, but thanks for the info anyway :)
