08-02-2010 12:24 AM - edited 03-11-2019 11:19 AM
Hi. I've recently taken over the management of a Pix 515e (running 6.3) with its interface levels set as follows:
inside 100
site_1 50
site_2 50
outside 0
The issue I have is that site_1 and site_2 are now regarded as trusted sites so I need to allow comms between them. I've achieved this between inside and site_1 and inside and site_2 using translation and access rules but was wondering how best to achieve this between site_1 and site_2 given they both have the same security level, preferably without changing the level of one as there is already plenty of config on the device relating to interfaces.
Thanks, Rex
08-02-2010 01:31 AM
Same security traffic is only permitted from 7.x code in PIX. You could lower the security level for one site so that you can pass traffic or upgrade to 7.x code.
08-02-2010 02:34 AM
Thanks for the reply, thought as such. Upgrading to v7 isn't an option just now as I only have remote access to the Pix (the actual device is 320 miles away). What are the effects on the current config of changing one of the interfaces to a slightly different security level?
08-02-2010 04:06 AM
I just realised that my last post was a bit vague so I've attached my config. Can someone please take a look and advise on what effects changing the security level of the interface named Darlaston to 49 will have and how I can remedy? Basically I want Darlaston to communicate freely with Inside and Coventry. Sorry if this seems a basic question, Pix management isn't something I do very often. Thanks.
08-02-2010 04:21 AM
Hi, there won't be any change with regard to traffic between Darlaston, inside and outside as basically the order of security levels is still the same between the interfaces inside>Darlaston>outside. So no need to make any change there. With respect to Darlaston and Coventry, Coventry is now a higher security level, so in order to initiate traffic from Darlaston to Coventry we need to add an inbound access-list on Darlaston to allow traffic from lower to higher security level. Other than that the normal nat rules prevail, just keeping in mind that Coventry > Darlaston wrt security levels.
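
The change described in the reply above, sketched as a PIX 6.3 configuration fragment. This is an added example, not taken from the poster's attached config: the hardware ID `ethernet2`, the 192.168.x.0/24 networks and the ACL name are constructed placeholders.

```cisco
: Constructed example for PIX 6.3. ethernet2, the networks and the ACL name
: are placeholders; substitute the values from the running config.
:
: 1. Lower Darlaston from 50 to 49 so it no longer shares a level with Coventry.
:    6.3 syntax: nameif <hardware_id> <if_name> security<level>
nameif ethernet2 Darlaston security49
:
: 2. Coventry (50) is now the higher-security side. An identity static presents
:    the Coventry network unchanged on the Darlaston interface, which is what
:    lets Darlaston hosts address Coventry hosts at their real IPs.
static (Coventry,Darlaston) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
:
: 3. Darlaston -> Coventry is lower-to-higher, so it must be permitted
:    explicitly. Scope the entry to the two site networks rather than "any".
access-list acl_darlaston_in permit ip 192.168.49.0 255.255.255.0 192.168.50.0 255.255.255.0
:
: 4. Only one ACL can be bound inbound per interface. If Darlaston already has
:    one, add the entry above to that ACL instead of binding a new one.
:    If it has none, binding this one adds an implicit deny for everything
:    else arriving on Darlaston (including its traffic to outside), so add
:    permit entries for the existing flows before applying it.
access-group acl_darlaston_in in interface Darlaston
:
: 5. Flush existing translation slots so the new static takes effect.
clear xlate
```

Because the device is managed remotely, check which interface the management session arrives on before applying step 4, and verify afterwards with `show access-list` that the hit counts increase on the intended entries only.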
08-02-2010 04:26 AM
Brilliant. Thanks very much, makes sense. I'll crack on with that and let you know how I get on.