Posted by Mr Corbett on October 24, 2005, 3:37 pm
At the moment I have the 515 using 1 External IP and natting, then I use the switch. Is it possible to use 1 IP to nat, I will use a vlan for this on the switch, then can I use 7 ports on the switch along with my other external IPs ? If this is not possible what extra hardware would I need, and what is the theory behind a possible setup? I am a bit of a novice with Cisco equipment, but I am eager to learn, so a point in the right direction would be greatly appreciated.

Thanks, Craig.
Posted by Walter Roberson on October 24, 2005, 4:38 pm
:the switch.

I am not clear whether the switch is "inside" or "outside" the PIX?

:Is it possible to use 1 IP to nat, I will use a vlan for this on the switch,
:then can I use 7 ports on the switch along with my other external IPs ?

Are you asking about using the same switch for inside and outside network traffic, with the traffic kept separate by VLANs? If so then generally Yes, you can do that, if your switch supports port-based VLANs, and if your security policy allows it. (Some security policies disallow such a thing, in order to prevent the possibility of "VLAN hopping" to bypass the PIX security.)

If you are asking about using 7 different VLANs on the PIX 515, the answer is that you cannot do that in PIX 6.x, and would have to upgrade to PIX 7.x, which would likely require that you upgrade the memory on your PIX.

The PIX 515 Restricted license limits you to 3 VLANs in 6.x; the Unrestricted license limits you to 6 VLANs in 6.x.

--
Chocolate is "more than a food but less than a drug" -- RJ Huxtable

Posted by Mr Corbett on October 25, 2005, 3:51 am
Hi, Just to clarify the switch is separate - Pix - 2900 Switch

So either way I could use 3 of my external IPs, 1 for nat using say vlan1 and 5 ports on the switch, 2 other IP's using vlan 2 & 3 using 2 separate ports on the switch to get straight external use? Any ideas on how I would configure such a setup ?

Posted by Walter Roberson on October 25, 2005, 9:42 am
:Hi, Just to clarify the switch is separate - Pix - 2900 Switch

That doesn't really indicate whether it is "inside" or "outside" the PIX ?

:So either way I could use 3 of my external IPs, 1 for nat using say vlan1
:and 5 ports on the switch, 2 other IP's using vlan 2 & 3 using 2 separate
:ports on the switch to get straight external use?

No. Each VLAN must be in a distinct subnet.

What are you trying to -do- ??

If you are just trying to have your PIX front multiple public IPs on behalf of your internal devices, then you do not need to work with VLANs. The PIX can front any number of public IPs through the same interface.

--
Chocolate is "more than a food but less than a drug" -- RJ Huxtable
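
Added example, not part of either poster's messages: a PIX 6.x configuration sketch of the last point in the reply above, several public IPs fronted through the single outside interface with no VLANs involved. All addresses are constructed (documentation ranges), the access-list name `outside_in` is hypothetical, and lines starting with a colon are comments.

```cisco
: Constructed example for PIX 6.x. Assumed addressing:
:   outside subnet 203.0.113.0/29 (stand-in for the block of public IPs)
:   inside subnet  192.168.1.0/24
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0

: General outbound traffic: PAT every inside host behind the
: address of the outside interface itself (the "1 IP to nat").
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: Two inside hosts each get their own public IP through one-to-one
: static NAT. The PIX answers ARP for these addresses on the same
: outside interface, so no extra interface or VLAN is required.
static (inside,outside) 203.0.113.3 192.168.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.4 192.168.1.11 netmask 255.255.255.255 0 0

: A static only creates the translation. Inbound traffic is still
: denied until an access-list permits it, so open only the service
: each host has to expose rather than "ip any".
access-list outside_in permit tcp any host 203.0.113.3 eq www
access-list outside_in permit tcp any host 203.0.113.4 eq smtp
access-group outside_in in interface outside

: Default route toward the ISP router (assumed at 203.0.113.1).
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
```

With this layout every host stays behind the PIX and reaches the Internet only through a translation and the access-list, which avoids the shared inside/outside switch and the "VLAN hopping" concern raised earlier in the thread.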
PIX 515 Switch 8 External IPs