Pinging Issues through 5520

danbowencisco
Level 1

Hi Everyone,

I'm building a Cisco 5520 with two physical interfaces and 6 or so sub-interfaces. We have G0/0 (broken down into the sub-interfaces) and G0/1 (not sub-interfaced). I have the ACLs in place and I can ping through the device from one sub-interface to the physical (outside) interface, but only when the physical is set to security level 90 - when it is at 100 (as the source interface is), it doesn't get through.

This is my config:

ACLs

access-list Outside-OUT extended permit icmp any any log
access-list NMS-IN extended permit ip any any log
access-list Outside-IN extended permit ip any any log
access-list NMS-OUT extended permit ip any any log
access-group NMS-IN in interface NMS
access-group NMS-OUT out interface NMS
access-group Outside-IN in interface Outside
access-group Outside-OUT out interface Outside

Interfaces

interface GigabitEthernet0/0.224
 description NMS
 vlan 224
 nameif NMS
 security-level 100
 ip address 10.11.120.226 255.255.255.240
!
interface GigabitEthernet0/1
 description Outside
 nameif Outside
 security-level 90
 ip address 10.11.121.1 255.255.255.240

Works like this - as soon as I set G0/1 to security level 100, it doesn't work.

Any ideas?

Thanks,

Dan

2 Replies

danbowencisco
Level 1

It's ok, worked it out.

same-security interface command.

Thanks,

Dan

However, shouldn't I be able to ping through with the relevant ACLs, without the same-security command - as that just seems to bypass the ACL?

These are my ACLs:

access-list Outside-OUT extended permit icmp host 10.11.120.227 host 10.11.121.3 echo-reply log
access-list Outside-OUT extended permit icmp any any log
access-list Outside-OUT extended permit ip any any log
access-list NMS-IN extended permit icmp host 10.11.120.227 host 10.11.121.3 echo log
access-list NMS-IN extended permit icmp any any log
access-list NMS-IN extended permit ip any any log
access-list NMS-OUT extended permit icmp host 10.11.121.3 host 10.11.120.227 echo-reply log
access-list NMS-OUT extended permit icmp any any log
access-list NMS-OUT extended permit ip any any log
access-list Outside-IN extended permit icmp host 10.11.121.3 host 10.11.120.227 echo-reply
access-list Outside-IN extended permit icmp any any log
access-list Outside-IN extended permit ip any any log

I get 0 hits on them when the same-security command is in place, but it works - when I take the same-security command off, I get no hits and it doesn't work?

Dan
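The fix from the reply above, as an added example that is not the original poster's configuration: both interfaces at security-level 100, the same-security command configured explicitly, a narrower ACL than "permit ip any any", ICMP inspection for the return traffic, and the commands to verify the path. Interface names and addresses are taken from the thread; the tighter ACL and the inspection policy are assumptions.

```cisco
! Added example (not the poster's config): two interfaces sharing security
! level 100, explicit same-security permission and least-privilege ACLs.
! Hosts 10.11.120.227 (NMS side) and 10.11.121.3 (Outside side) come from
! the thread; the ACL and inspection choices below are assumptions.
interface GigabitEthernet0/0.224
 description NMS
 vlan 224
 nameif NMS
 security-level 100
 ip address 10.11.120.226 255.255.255.240
!
interface GigabitEthernet0/1
 description Outside
 nameif Outside
 security-level 100
 ip address 10.11.121.1 255.255.255.240
!
! Without this line the ASA drops traffic between two interfaces that share
! a security level no matter what the interface ACLs permit. With it, the
! flow is released to the normal interface ACL checks; it does not bypass them.
same-security-traffic permit inter-interface
!
! Permit only the probe the NMS actually sends instead of "permit ip any any".
access-list NMS-IN extended permit icmp host 10.11.120.227 host 10.11.121.3 echo log
access-group NMS-IN in interface NMS
!
! Stateful ICMP inspection lets the echo-reply return without a separate
! "permit icmp ... echo-reply" entry on the Outside interface.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Verification from enable mode: trace the exact flow rather than guessing.
! packet-tracer input NMS icmp 10.11.120.227 8 0 10.11.121.3
! show access-list NMS-IN
! show running-config | include same-security
```

With the same-security line removed, packet-tracer shows the drop in its implicit-rule phase before any ACL phase is reached, which is why the ACL counters stay at zero in that case.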
