command equivalent in PIX version 6.3 for the version 7.x command: same-security-traffic permit inter-interface

Good day

I was wondering if anyone could help me. We have a PIX with version

6.3 of the code loaded, and I wanted to know what the equivalent command in version 6.3 is for the command in version 7.x: "same-security-traffic permit inter-interface"

We're trying to establish multiple interfaces with the same security level (assuming it's possible) and unfortunately, the PIX firewall doesn't have enougth RAM to upgrade to version 7.x

If anyone has any ideas, please let me know

Reply to
Mike Rahl
Loading thread data ...

I am pretty sure this is not possible in versions before 7.X


Reply to
Chad Mahoney

Right, communicating with the same security level is out of the question before 7.x.

Multiple interfaces with same security level, together with insufficient memory, would -tend- to imply an unrestricted license on a PIX 515 or early PIX 515E. In 7.x, the 515/515E need 128 Mb for full Unrestricted support; 64 for Restricted. PIX-515-MEM-128= and -32= respectively.

Equivilent memory is available for about $US130 for 128 Mb; see for example .

Reply to
Walter Roberson

Thanks for the responses, alll

I appreciate the help

I had suspected that this was not possible, but just wanted to make sure I wasn't missing anything. The client is, unfortunately, quite cheap and is nitpicking us on everything from engineering time to equipment, so we're stuck stretching whatever can be stretched to get this to work.

Walter Robers> > >Mike Rahl wrote:

Reply to
Mike Rahl

on the other hand:

why do you need this feature?

Reply to

I was actually posting it for a coworker here.

Basically, the client wants to use multiple ports on his firewall (a PIX 535e) with the same security zone (basically using the Firewall as a quasi-switch, I guess). We've repeatedly told him not to do this, but rather use 1 port on the firewall and get a proper switch, then put the users on that switch.

The client doesn't want to spend the money on the switch, nor does he want to buy memory, he just wants to stretch the firewall far beyond its capabilities.

I can assure you, this is far from an > Mike Rahl wrote:

Reply to
Mike Rahl

Bummer. :(

Is it a PIX 535 or PIX 515E? A 535 should already have enough memory, but original 515E might not have 128 Mb. If, though, the configuration is not too big or there is not a high traffic load, then the word in these newsgroups is that you can load PIX 7.x on a PIX 515/515E with less than the recommended amount of memory, particularily if you do not install ASDM.

Of course the time involved to do so, together with the disruption of client networking, is worth far far more than the cost of a simple switch. Depending on the exact needs, a $US40 switch might be good enough.

Reply to
Walter Roberson Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.