Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix same security level

Dear All,

pix accepts giving same security level to 2 different interfaces. for example,

etho int1 inside security100

eht1 int2 outside security0

eth2 int3 dmz1 security20

eth3 int4 dmz2 security20

now wht will happen, can dmz1 and dmz2 communicate ?

r wht kind of problems we face with this configuration

any thoughts on this....

Thanks in advance

Nataraj

1 REPLY
New Member

Re: pix same security level

On Pix 7, use:

same-security-traffic permit inter-interface

-or-

same-security-traffic permit intra-interface

I am pretty sure that pix 6.x permits assigning the same sec level to interfaces, but they cannot communicate with each other. So, if you have servers in DMZ1 that need to talk to Servers in DMZ2 and you are running pix 6.x, then I dont think it is possible.

hth,

Paul

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b7c.html#wp1039276 See "Allowing Communication Between Interfaces on the Same Security Level"

119
Views
0
Helpful
1
Replies
CreatePlease login to create content