https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271052#M816453 <HTML><HEAD></HEAD><BODY><P>Stefano,</P><P></P><P>The PIX will not act as a router, it will not accept traffic from and interface and route is back out of the same interface.</P><P></P><P>HTH&gt;</P></BODY></HTML> Wed, 21 Oct 2009 08:06:00 GMT andrew.prince 2009-10-21T08:06:00Z https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271051#M816443 <P>Hi ,</P><P> I have a customer which has a PIX 6.x .</P><P>We added an internal network behind another router .</P><P> Clients have the pix as DG , and we wish not to chage it .</P><P> We've added routing info on the pix and set the PIX as DG of the additional router .</P><P> We know that by default pix does not route on the same interface and that on PIX7.x the command </P><P>same-security-traffic permit intra-interface</P><P> can be used to solve the issue .</P><P></P><P>I'd like to know if it would work on Pix 6.x as well or if we have to update it.</P><P></P><P>thanks </P><P>Stefano</P><P> </P> Mon, 11 Mar 2019 16:28:30 GMT https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271051#M816443 s_colombo 2019-03-11T16:28:30Z https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271052#M816453 <HTML><HEAD></HEAD><BODY><P>Stefano,</P><P></P><P>The PIX will not act as a router, it will not accept traffic from and interface and route is back out of the same interface.</P><P></P><P>HTH&gt;</P></BODY></HTML> Wed, 21 Oct 2009 08:06:00 GMT https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271052#M816453 andrew.prince 2009-10-21T08:06:00Z https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271053#M816462 <HTML><HEAD></HEAD><BODY><P>Hi Andrew </P><P>I found this doc which seems related to my environment</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml</A></P><P></P></BODY></HTML> Wed, 21 Oct 2009 08:41:18 GMT https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271053#M816462 s_colombo 2009-10-21T08:41:18Z https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271054#M816484 <HTML><HEAD></HEAD><BODY><P>Yes - my error, I did not read in your original post the other ip subnet was behind another router - my mistake.</P><P></P><P>Re-reading your post again, no the option for inter-interface communication is not available on code 6.3(x) you need to upgrade to either 7.x or 8.x for that functionality.</P><P></P><P>Sorry for the confusion.</P></BODY></HTML> Wed, 21 Oct 2009 10:39:04 GMT https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271054#M816484 andrew.prince 2009-10-21T10:39:04Z https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271055#M816503 <HTML><HEAD></HEAD><BODY><P>As the other poster mentioned, this is not possible on Pix 6. Even in Pix 7/8 with "same-security-traffic permit intra-interface" you still need to make sure that the return traffic is also routed through the Pix, so you'll need to do some fancy NAT.</P><P></P><P>You mentioned that "Clients have the pix as DG , and we wish not to chage it". Do you mean that you want the traffic to be firewalled (in that case, consider adding an interface to the Pix) or that you do not want to re-configure all the clients? In the latter case, you could simply swap the ip addresses of the router and the Pix?</P><P></P><P></P></BODY></HTML> Wed, 21 Oct 2009 13:01:09 GMT https://community.cisco.com/t5/network-security/intra-interface-traffic/m-p/1271055#M816503 Herbert Baerten 2009-10-21T13:01:09Z