
two inside interfaces talking to one another?

I am trying to get 2 inside interfaces on a PIX 515E to talk to one another. (These networks need to have any-any type connectivity to each other)

I know on 7.X all you should have to do is create them with the same security level and do a:

same-security-traffic permit inter-interface

However, I am running 6.3 and can't upgrade to 7.X due to memory.

Here is what I have

ETH0 Outside interface (nat pool) security level 0 (X.X.X.X - Outside/Internet)

ETH1 Inside interface security level 100 (192.168.5.0/24) (Inside space 1)

ETH1 Inside2 interface (VLAN3) security level 99 (192.168.6.0/23) (Inside space 2)

I can get the inside (192.168.5.X) to talk to inside2 (192.168.6.X) by doing a

access-list inside_outbound_nat0_acl permit ip 192.168.5.0 255.255.255.0 192.168.6.0 255.255.254.0

nat (inside) 0 access-list inside_outbound_nat0_acl

But I can't for the life of me get inside2 (192.168.6.X) to talk to inside (192.168.5.X)

3 REPLIES

Re: two inside interfaces talking to one another?

Here is a picture of what I am trying to do...

Re: two inside interfaces talking to one another?

Tom,

Try the below

static (Inside2,Inside) 192.168.6.0 192.168.6.0 netmask 255.255.255.0

Or

access-list inside2_outbound_nat0_acl permit ip 192.168.6.0 255.255.254.0 192.168.5.0 255.255.255.0

nat (inside2) 0 access-list inside2_outbound_nat0_acl

And of course - as Inside2 will have a lower security level - make sure you are allowing traffic from Inside2 to Inside via an ACL.

HTH.


Re: two inside interfaces talking to one another?

Thanks for the pointer...

What I ended up doing was:

access-list inside2_vlan3_access_in permit ip 192.168.6.0 255.255.254.0 192.168.5.0 255.255.255.0

access-group inside2_vlan3_access_in in interface inside2_vlan3

static (inside,inside2_vlan3) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

access-list inside2_vlan3_access_in permit ip 192.168.6.0 255.255.254.0 any
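Added example, not part of the original thread: a small Python audit of the two things the final post puts in place for traffic initiated from the lower-security interface, namely an ACL bound with access-group that permits the flow and a static covering the destination. The function names are hypothetical, the sample config is the four lines from the post above, and the model is an assumption that covers only this static form (nat 0 exemptions and ACL entries with "any" as source are not parsed).

```python
import ipaddress

# Constructed sample: the four configuration lines from the final post.
CONFIG = """\
access-list inside2_vlan3_access_in permit ip 192.168.6.0 255.255.254.0 192.168.5.0 255.255.255.0
access-group inside2_vlan3_access_in in interface inside2_vlan3
static (inside,inside2_vlan3) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
access-list inside2_vlan3_access_in permit ip 192.168.6.0 255.255.254.0 any
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect permit-ip ACL entries, inbound access-group bindings and statics."""
    acls, groups, statics = {}, {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            src = net(t[4], t[5])
            dst = ipaddress.ip_network("0.0.0.0/0") if t[6] == "any" else net(t[6], t[7])
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:1] == ["access-group"] and t[2:4] == ["in", "interface"]:
            groups[t[4]] = t[1]          # interface name -> ACL name
        elif t[:1] == ["static"]:
            real_if, mapped_if = t[1].strip("()").split(",")
            # t[2] is the address as seen from mapped_if, t[5] its netmask
            statics.append((real_if, mapped_if, net(t[2], t[5])))
    return acls, groups, statics

def inbound_flow_gaps(config, src_if, dst_if, src_ip, dst_ip):
    """Return what is missing for src_ip on src_if to reach dst_ip behind dst_if."""
    acls, groups, statics = parse(config)
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    gaps = []
    acl = groups.get(src_if)
    if acl is None:
        gaps.append(f"no access-group bound inbound on {src_if}")
    elif not any(s in a and d in b for a, b in acls.get(acl, [])):
        gaps.append(f"{acl} has no permit for {src_ip} -> {dst_ip}")
    if not any(r == dst_if and m == src_if and d in n for r, m, n in statics):
        gaps.append(f"no static ({dst_if},{src_if}) covering {dst_ip}")
    return gaps

if __name__ == "__main__":
    print(inbound_flow_gaps(CONFIG, "inside2_vlan3", "inside", "192.168.7.10", "192.168.5.20"))
```

An empty list means both pieces are present for that flow; each string in a non-empty list names the missing piece.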
