Traffic on logical interface travels on physical interface

joch2joch
Level 1

Hi,

I am experiencing a weird problem on my PIX525. I defined a logical interface on one of my physical interfaces (see below):

-------------------------------

interface ethernet5 auto

interface ethernet5 vlan201 physical

interface ethernet5 vlan301 logical

nameif ethernet5 xprod1 security89

nameif vlan301 xe2estg1 security49

ip address xprod1 10.172.16.254 255.255.254.0

ip address xe2estg1 10.172.24.254 255.255.254.0

-------------------------------

We have remote VPN users (10.10.100.0; using the Cisco VPN client) that need to access servers in the 10.172.16.0 segment.

Whenever we performed ICMP echo from the remote users, I noticed that traffic from 10.172.16.0 was actually returning on the 10.172.24.0 interface!

This forced me to add a NAT rule on the 10.172.24.0 interface to allow remote users to ping devices on the 10.172.16.0 segment (see below):

-------------------------------

access-list nonatxe2estg1 permit ip 10.172.16.0 255.255.254.0 10.10.100.0 255.255.255.0

access-list nonatxe2estg1 permit ip 10.172.24.0 255.255.254.0 10.10.100.0 255.255.255.0

nat (xe2estg1) 0 access-list nonatxe2estg1

-------------------------------

Does anyone know why this is happening?

Need help urgently, thank you!!!!!

Joe
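The workaround above binds a NAT-exemption ACL to the xe2estg1 interface even though one of its source networks (10.172.16.0/23) is the xprod1 subnet. A quick way to spot that kind of mismatch before it bites is to lint the config: parse the `ip address`, `access-list` and `nat (if) 0 access-list` lines and flag every exemption entry whose source network is not on the interface the `nat 0` is bound to. The following is an added example written for this page, not code from the original post or from Cisco; it uses only the Python standard library and the constructed sample config is the poster's fragments combined into one text. It only reports the mismatch; it does not explain why the return traffic leaves the wrong interface, which the thread does not resolve.

```python
import ipaddress
import re

# Constructed sample: the PIX 6.x fragments posted in the question, combined
PIX_CONFIG = """
interface ethernet5 auto
interface ethernet5 vlan201 physical
interface ethernet5 vlan301 logical
nameif ethernet5 xprod1 security89
nameif vlan301 xe2estg1 security49
ip address xprod1 10.172.16.254 255.255.254.0
ip address xe2estg1 10.172.24.254 255.255.254.0
access-list nonatxe2estg1 permit ip 10.172.16.0 255.255.254.0 10.10.100.0 255.255.255.0
access-list nonatxe2estg1 permit ip 10.172.24.0 255.255.254.0 10.10.100.0 255.255.255.0
nat (xe2estg1) 0 access-list nonatxe2estg1
"""

# PIX 6.x syntax: "ip address <nameif> <addr> <mask>"
IP_ADDR_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
# Only the plain "permit ip <src> <mask> <dst> <mask>" form is handled here
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
# "nat (<nameif>) 0 access-list <acl>" = NAT exemption on that interface
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def parse_pix_config(text):
    """Return (interfaces, acls, nat0) extracted from a PIX 6.x config.

    interfaces: nameif -> ipaddress.IPv4Network of the directly connected subnet
    acls:       acl name -> list of (source network, destination network)
    nat0:       list of (nameif, acl name) from "nat (...) 0 access-list"
    """
    interfaces, acls, nat0 = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := IP_ADDR_RE.match(line):
            name, addr, mask = m.groups()
            # strict=False turns the interface address into its subnet
            interfaces[name] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        elif m := ACL_RE.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                 ipaddress.ip_network(f"{dst}/{dmask}", strict=False))
            )
        elif m := NAT0_RE.match(line):
            nat0.append(m.groups())
    return interfaces, acls, nat0


def find_misplaced_nat0_entries(text):
    """Flag nat 0 exemption entries whose source is not on the bound interface.

    Each finding names the interface the exemption is bound to, the ACL, the
    offending source network, and (if any) the interface that actually owns
    that source network, so the operator can see where the entry belongs.
    """
    interfaces, acls, nat0 = parse_pix_config(text)
    findings = []
    for iface, acl_name in nat0:
        local = interfaces.get(iface)
        for src, _dst in acls.get(acl_name, []):
            if local is not None and src.subnet_of(local):
                continue  # source really lives behind this interface
            owner = next((n for n, net in interfaces.items() if src.subnet_of(net)), None)
            findings.append({
                "interface": iface,
                "acl": acl_name,
                "source": str(src),
                "owner": owner,
            })
    return findings


if __name__ == "__main__":
    for f in find_misplaced_nat0_entries(PIX_CONFIG):
        print(f"nat ({f['interface']}) 0 via {f['acl']}: source {f['source']} "
              f"belongs to interface {f['owner']}, not {f['interface']}")
```

Run against the sample it reports the single out-of-place entry: the 10.172.16.0/23 source in the exemption bound to xe2estg1 belongs to xprod1. A clean config produces no findings. The check is deliberately narrow (one ACL form, IPv4, PIX 6.x syntax) so that it stays readable; extending the regexes to object groups or the `ip address` forms of later releases is straightforward.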

2 Replies

Patrick Iseli
Level 7

Have you added the command?

Enables access to an internal management interface on the firewall.

[no] management-access mgmt_if

show management-access

Syntax Description

mgmt_if

The name of the firewall interface to be used as the internal management interface.

Defaults

None.

Command Modes

The management-access mgmt_if command is available in configuration mode.

The show management-access is available in privileged mode.

Usage Guidelines

The management-access mgmt_if command enables you to define an internal management interface using the IP address of the firewall interface specified in mgmt_if. (The firewall interface names are defined by the nameif command and displayed in quotes, " ", in the show interface output.)

In PIX Firewall software Version 6.3, this command is supported for the following through an IPSec VPN tunnel only, and only one management interface can be defined globally:

•SNMP polls to the mgmt_if

•HTTPS requests to the mgmt_if

•PDM access to the mgmt_if

•Telnet access to the mgmt_if

•SSH access to the mgmt_if

•Ping to the mgmt_if

The show management-access command displays the firewall management access configuration.

Examples

The following example shows how to configure a firewall interface named "inside" as the management access interface:

pixfirewall(config)# management-access inside

pixfirewall(config)# show management-access

management-access inside

Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#wp1137951

sincerely

Patrick

Umm...doesn't sound related to my question, but thanks for the info anyway :)