Pix and vlan allowing traffic

- N
- ntst
  
  Contact options for registered users
posted
18 years ago

Wed, Mar 22, 2006 11:12 PM

Hello,

Is it possible to allow traffic from workstations located on vlan10 to fileserver (samba) located on vlan20? VLAN20 is on lower security interface.

Thank you.

Loading thread data ...

- N
- ntst
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, Mar 22, 2006 11:13 PM

Sorry I forgot. I use pix 506e with vlan support

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Thu, Mar 23, 2006 3:10 AM

In article , ntst wrote: [PIX 506E]

Yes. If you do not have an access-group applied to vlan10 then that traffic would be permitted by default. If you do have an access-group, then allow it in the named access-list .

Return traffic is also of concern. SMB can be over TCP or over NETBIOS (UDP). If you happen to be using the NETBIOS version

-and- if the server sends asynchronous packets to the clients or the server might delay a response for over 2 minutes [e.g., waiting until a file becomes unlocked] then the UDP session might time out. To deal with that you would have to either raise the UDP timeout or else permit the UDP traffic in an access-group applied to the vlan20 interface.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.