https://community.cisco.com/t5/network-security/pix-with-two-interfaces-with-security0/m-p/263863#M594045 <HTML><HEAD></HEAD><BODY><P>Having 2 interfaces with the same security level is an unsupported configuration.</P><P></P><P>Why do you want two interfaces to respond the same way? </P><P></P><P></P></BODY></HTML> Fri, 12 Mar 2004 12:39:50 GMT mostiguy 2004-03-12T12:39:50Z https://community.cisco.com/t5/network-security/pix-with-two-interfaces-with-security0/m-p/263862#M594044 <P>Hello,</P><P></P><P>A customer have a PIX 515E with two interfaces with security0 (ethernet0 and ethernet4 for example).</P><P>How can we have this PIX having those 2 interfaces the same way to response to TCP packet asking to open a not-open-port on those 2 PIX interfaces ?</P><P> </P><P>I would like the ethernet4 having the same to respond when receiving a TCP SYN packet for TCP port as 25, or 23.</P><P>The destination IP address is the one of the ethernet4 interface, and the destination TCP port isn't opened.</P><P></P><P>Is there a link with all difference between ethernet0 and any other interface.</P><P></P><P>Can we use any non-ethernet0 interface with security0 to be used as the outside world ? </P><P></P><P>Thank you for your explaination and links.</P><P>Regards,</P><P></P> Fri, 21 Feb 2020 07:17:23 GMT https://community.cisco.com/t5/network-security/pix-with-two-interfaces-with-security0/m-p/263862#M594044 jabouaf 2020-02-21T07:17:23Z https://community.cisco.com/t5/network-security/pix-with-two-interfaces-with-security0/m-p/263863#M594045 <HTML><HEAD></HEAD><BODY><P>Having 2 interfaces with the same security level is an unsupported configuration.</P><P></P><P>Why do you want two interfaces to respond the same way? </P><P></P><P></P></BODY></HTML> Fri, 12 Mar 2004 12:39:50 GMT https://community.cisco.com/t5/network-security/pix-with-two-interfaces-with-security0/m-p/263863#M594045 mostiguy 2004-03-12T12:39:50Z https://community.cisco.com/t5/network-security/pix-with-two-interfaces-with-security0/m-p/263864#M594046 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Well I think that:</P><P>One way to have no communication between two interfaces can be done by giving them the same security level. Traffic can go from securityA interface to security(A-1) interface without doing anything. </P><P>Communication is only possible between a lower to a higger or a higger to a lower security level.</P><P></P><P>MAybe I'm wrong, so if you can argu, this could help me.</P><P>Do you have any link about that two interfaces can NOT have the same security level ? Maybe I m bad thinking that it is possible.</P><P></P><P>PIX release 6.3.3 on a PIX515E with 6 interfaces do accept the commandes.</P><P></P><P>Anyway, two interfaces having the same configuration should act the same way to any same packets received. This is right for a router !</P><P></P><P>Anyway, we could have two providers links on the same PIX. In fact I do not know yet why the customer uses 2 interfaces as "ouside world", but the sniffer traces show me that those two interfaces do not response the same way when receiving a telnet initiation packet for example TCP port 25 or 23.</P><P>The less then basic configuration is the same. I just move the IP address and the "outside" cable form one interface to the other one.</P><P>No command with an explicite interface name, excepted a SSH permit command (to reach the PIX from an outside link).</P><P>So only port 22 is opened on those two interfaces.</P><P> </P><P></P><P>Regards,</P><P></P></BODY></HTML> Fri, 12 Mar 2004 13:19:11 GMT https://community.cisco.com/t5/network-security/pix-with-two-interfaces-with-security0/m-p/263864#M594046 jabouaf 2004-03-12T13:19:11Z