I have a PIX 515e, and I have two subnets on it. One has been there forever(192.42.45.x) and the other was just implemented. The problem is the new subnet(192.168.200.x) cannot be reached from the old subnet. Guessing I need ACL's or something, but the ones I tried(permit all to/from) didn't seem to work. Any thoughts? These networks are both on a seperate interface. Thanks
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Quick 515e question
- Thread starter jpopa
- Start date
- Thread starter
- #2
Here's some more info.
Relevant config info
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 phonelan security90
ip address inside 192.42.45.251 255.255.255.0
ip address phonelan 192.168.200.251 255.255.255.0
access-list phone permit ip any any
access-group phone in interface phonelan
Methinks that should be about it. I've enabled the interface, named it and applied a security level, assigned an IP address, and created an access list to allow traffic coming into the phonelan interface to access whatever it wants. Lemme know what I'm missing, thanks
Relevant config info
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 phonelan security90
ip address inside 192.42.45.251 255.255.255.0
ip address phonelan 192.168.200.251 255.255.255.0
access-list phone permit ip any any
access-group phone in interface phonelan
Methinks that should be about it. I've enabled the interface, named it and applied a security level, assigned an IP address, and created an access list to allow traffic coming into the phonelan interface to access whatever it wants. Lemme know what I'm missing, thanks
boymarty24
Technical User
You also need to add some adress translation, otherwise you dont have any connection.
And goin from a higher to lower interface security requires no access-list, traffic will be allowed by default.
And goin from a higher to lower interface security requires no access-list, traffic will be allowed by default.
- Status
Similar threads
- Locked
- Question