Hi,
At the moment I have the 515 using 1 External IP and natting, then I use the switch.
Is it possible to use 1 IP to nat, I will use a vlan for this on the switch, then can I use 7 ports on the switch along with my other external IPs ?
If this is not possible what extra hardware would I need, and what is the theory behind a possible setup?
I am a bit of a novice with Cisco equipment, but I am eager to learn, so a point in the right direction would be greatly appreciated.
Thanks,
Craig.
In article , Mr Corbett wrote: :At the moment I have the 515 using 1 External IP and natting, then I use :the switch.
I am not clear whether the switch is "inside" or "outside" the PIX?
:Is it possible to use 1 IP to nat, I will use a vlan for this on the switch, :then can I use 7 ports on the switch along with my other external IPs ?
Are you asking about using the same switch for inside and outside network traffic, with the traffic kept seperate by VLANs? If so then generally Yes, you can do that, if your switch supports port-based VLANs, and if your security policy allows it. (Some security policies disallow such a thing, in order to prevent the possibility of "VLAN hopping" to bypass the PIX security.
If you are asking about using 7 different VLANs on the PIX 515, the answer is that you cannot do that in PIX 6.x, and would have to upgrade to PIX 7.x, which would likely require that you upgrade the memory on your PIX.
The PIX 515 Restricted license limits you to 3 VLANs in 6.x; the Unrestricted license limits you to 6 VLANs in 6.x.
Hi, Just to clarify the switch is separate - Pix - 2900 Switch
So either way I could use 3 of my external IPs, 1 for nat using say vlan1 and 5 ports on the switch, 2 other IP's using vlan 2 & 3 using 2 separate ports on the switch to get straight external use?
Any ideas on how I would configure such a setup ?
"Walter Roberson" wrote in mes sage news:djjgp2$f34$ snipped-for-privacy@canopus.cc.umanitoba.ca...
In article , Mr Corbett wrote: :Hi, Just to clarify the switch is separate - Pix - 2900 Switch
That doesn't really indicate whether it is "inside" or "outside" the PIX ?
:So either way I could use 3 of my external IPs, 1 for nat using say vlan1 :and 5 ports on the switch, 2 other IP's using vlan 2 & 3 using 2 separate :ports on the switch to get straight external use?
No. Each VLAN must be in a distinct subnet.
What are you trying to -do- ??
If you are just trying to have your PIX front multiple public IPs on behalf of your internal devices, then you do not need to work with VLANs. The PIX can front any number of public IPs through the same interface.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.