PIX same security level

nataraj_v
Level 1

Dear All,

PIX accepts giving the same security level to 2 different interfaces. For example,

eth0 int1 inside security100

eth1 int2 outside security0

eth2 int3 dmz1 security20

eth3 int4 dmz2 security20

Now what will happen? Can dmz1 and dmz2 communicate?

Or what kind of problems do we face with this configuration?

Any thoughts on this...

Thanks in advance

Nataraj


packetflood
Level 1

On PIX 7, use:

same-security-traffic permit inter-interface

-or-

same-security-traffic permit intra-interface

I am pretty sure that PIX 6.x permits assigning the same security level to interfaces, but they cannot communicate with each other. So, if you have servers in DMZ1 that need to talk to servers in DMZ2 and you are running PIX 6.x, then I don't think it is possible.

hth,

Paul

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b7c.html#wp1039276 See "Allowing Communication Between Interfaces on the Same Security Level"
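
An added example, not part of the original thread: a small audit script that reads a PIX 7.x-style configuration, finds interfaces sharing a security level, and reports whether the `same-security-traffic permit inter-interface` command from the reply is present. The sample configuration is constructed from the interface names and levels in the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample config (7.x interface-block syntax), mirroring the question.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif inside
 security-level 100
interface Ethernet1
 nameif outside
 security-level 0
interface Ethernet2
 nameif dmz1
 security-level 20
interface Ethernet3
 nameif dmz2
 security-level 20
"""

def parse_levels(config):
    """Return {security_level: [nameif, ...]}; assumes nameif precedes security-level."""
    levels = defaultdict(list)
    name = None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None                      # new block: forget the previous nameif
        elif m := re.match(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s+security-level (\d+)", line)) and name:
            levels[int(m.group(1))].append(name)
    return dict(levels)

def inter_interface_permitted(config):
    """True only if the global inter-interface command is configured."""
    return any(l.strip() == "same-security-traffic permit inter-interface"
               for l in config.splitlines())

def audit(config):
    """Return (level, interfaces, command_present) for each shared security level."""
    allowed = inter_interface_permitted(config)
    return [(lvl, sorted(names), allowed)
            for lvl, names in sorted(parse_levels(config).items())
            if len(names) > 1]

if __name__ == "__main__":
    for lvl, names, allowed in audit(SAMPLE_CONFIG):
        state = "permitted" if allowed else "not permitted"
        print(f"level {lvl}: {', '.join(names)} -> inter-interface traffic {state}")
```

The script only checks for the global command; any access lists applied to the interfaces are outside what it inspects.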
