pix 515: traffic between vlans

Discussion in 'Cisco' started by Young Neil, Apr 4, 2006.

  1. Young Neil

    Young Neil Guest

    We have a Cisco Pix 515 with several VLANs that has been up and running
    for about a year now. Lately there has been a demand for traffic
    between some of the VLANs.

    I do not have any experience with that kind of configuration, so I took
    a look in the ASDM, and surely enough, there was a function called
    "traffic between VLANs with the same security level".

    But where do I go from here? Do I need dedicated access-lists or what?
    Needless to say there is no traffic between the VLANs now.... Any help
    appreciated.....


    BG
     
    Young Neil, Apr 4, 2006
    #1

  2. In article <>,
    Young Neil <> wrote:
    >We have a Cisco Pix 515 with several VLANs that has been up and running
    >for about a year now. Lately there has been a demand for traffic
    >between some of the VLANs.


    >I do not have any experience with that kind of configuration, so I took
    >a look in the ASDM, and surely enough, there was a function called
    >"traffic between VLANs with the same security level".


    >But where do I go from here? Do I need dedicated access-lists or what?
    >Needless to say there is no traffic between the VLANs now.... Any help
    >appreciated.....


    Usually, the VLANs will be attached to interfaces that have different
    security levels. Once the virtual interface is created, treat access
    to it exactly the same way you would access to a physical interface
    that happened to have that security level -- i.e., the rules
    still apply that if you have no access-group then access is permitted
    to lower security interfaces, and if you do have an access-group
    then access is permitted according to the access-list. Each access-list
    applied "in" an interface should be defined in terms of the IP
    addresses as known "outside" that interface.

    The only "dedicated" information you might need is for translations
    between the different virtual interfaces, following exactly the
    same rules as for physical interfaces: source IPs being affected
    when going to a lower security interface, and destination IPs being
    affected when going to a higher security interface.
    "static" commands are interface-pair specific, and the combination
    of nat/global pairs can be interface-pair specific.
     
    Walter Roberson, Apr 4, 2006
    #2
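
The rules described in the reply above, sketched as a configuration. This is an added example, not part of the thread. It assumes PIX OS 7.x subinterface syntax (the release line that ASDM manages); the interface names, VLAN IDs, security levels and addresses are constructed for illustration.

```text
! Physical trunk port carries the VLANs; it gets no name or address itself.
interface Ethernet1
 no nameif
 no security-level
 no ip address
!
! Higher-security VLAN (constructed: VLAN 10, name "eng", level 80)
interface Ethernet1.10
 vlan 10
 nameif eng
 security-level 80
 ip address 10.10.10.1 255.255.255.0
!
! Lower-security VLAN (constructed: VLAN 20, name "lab", level 60)
interface Ethernet1.20
 vlan 20
 nameif lab
 security-level 60
 ip address 10.10.20.1 255.255.255.0
!
! Translation is defined per interface pair, (higher,lower).
! An identity static keeps eng addresses unchanged as seen from lab.
static (eng,lab) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
!
! eng -> lab: no access-group on eng, so traffic to the lower-security
! interface is permitted by default.
!
! lab -> eng: lower to higher needs an explicit permit, written with the
! destination address as it is known on the lab side of the static.
access-list lab_in extended permit tcp 10.10.20.0 255.255.255.0 host 10.10.10.5 eq 443
access-group lab_in in interface lab
!
! Once lab_in is applied, everything from lab that it does not permit is
! dropped by the implicit deny, including traffic to lower-security
! interfaces that was allowed before the access-group existed.
```

After applying something like this, `show access-list lab_in` gives hit counts per entry, which is a quick way to confirm that only the intended flow is crossing from the lower-security VLAN.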