PIX 525 Problem

[tmoncmm]

I have a problem with a pix 525 firewall that I recently aquired. I have setup multiple interfaces using NAT and PAT. Everything is working so far except communication from higher security interfaces to lower security.


inside1

192.168.0.X

security-level 100


inside2

192.168.1.X

security-level 90


I am not able to access inside2 interface from inside1. It was my understanding that the PIX allows communication to lower security level interfaces by default and access from all interfaces to outside is working.


I am new to PIX and routing in general.


Where am I going wrong?

 

[unclerico]

You need to use nat exemption or static identity nat so that traffic traversing either inside interface is not NATed

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[tmoncmm]

I'm sorry, but I am not sure what that means exactly or how to do it. I am a windows IT administrator and this is all new to me.

 

[unclerico]

no problem. easiest i think is identity nat:

static (inside1,inside2) 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0
static (inside2,inside1) 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)