Hello uanog,
There is a PIX with several interfaces, with the same security
PIX Version 7.0(4)
!
interface Ethernet0
nameif inside1
security-level 100
ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2
!
[dd]
!
interface Ethernet2
nameif inside2
security-level 100
ip address 192.168.12.1 255.255.255.0 standby 192.168.12.2
!
interface Ethernet3
nameif inside3
security-level 100
ip address 192.168.13.2 255.255.255.0 standby 192.168.13.3
!
[dd]
same-security-traffic permit inter-interface
[dd]
nat (inside1) 1 0.0.0.0 0.0.0.0
nat (inside2) 1 0.0.0.0 0.0.0.0
nat (inside3) 1 0.0.0.0 0.0.0.0
[dd]
access-group OUT_TO_IN in interface outside (no other ACLs are applied on
any interface)
The question is: which doc should I believe?
One says
Two interfaces at same level can't send packets to each
other. Connections and traffic are normally permitted from higher to
lower security level interfaces. Connections the other way (from
low to high security) are disallowed unless the configuration
explicitly permits them.
The other says
Allowing communication between same security interfaces provides the
following benefits:
• .....
• You want traffic to flow freely between all same security
interfaces without access lists.
[dd]
To enable interfaces on the same security level so that they can
communicate with each other, enter the following command:
hostname(config)# same-security-traffic permit inter-interface
With the config shown above, traffic from one inside network does not pass to
another.
Thanks.
--
Regards, мазай.
MAZ-RIPE mailto:rassylkaformazaj@ukr.net