PIX same Vlan configuration on both interfaces

- P
- Padhu
  
  Contact options for registered users
posted
17 years ago

Fri, Oct 27, 2006 7:18 AM

I have a PIX 506E. I need to setup a network with this PIX as below.

vlan1 vlan2 | | ------------- | outside interface of PIX || PIX || inside interface of PIX | -------------- (switch) | | vlan1 vlan2

vlan1 (default vlan) is the physical interface and vlan 2 is the logical interface on the outside interface How do i route the packets that enter the logical interface of vlan 2 to the vlan 2 on the inside network? I am unable to create the same vlan 2 on the inside interface as the pix says its already available on onother interface.

My default vlan works fine. I am able to ping the outside logical interface of the PIX from vlan 2. How do i configure vlan 2 on the inside interface of the PIX?

Please do let me know your ideas on this.

Regards Pad

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Fri, Oct 27, 2006 10:50 AM

You can't do per-vlan routing in the PIX 506E. There is only one routing table in PIX 6: if packets in VLAN1 have a destination IP in VLAN2's range, then they will be routed there if the ACLs and xlates permit that.

You can't do it on the 506E. Use different VLAN numbers.

In order to do per-vlan routing, you would need the Virtual Router Facility that is available in PIX 7 (which is not supported on the 506E.) The number of VRF contexts supported depends on the model and the license.

I don't know if PIX 7 permits the same VLAN number for two different interfaces in the same VRF context. Somehow I suspect it doesn't.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.