PIX 515 Switch 8 External IPs

 
 
Mr Corbett
10-24-2005
Hi,

At the moment I have the 515 using 1 External IP and natting, then I use
the switch.

Is it possible to use 1 IP to nat, I will use a vlan for this on the switch,
then can I use 7 ports on the switch along with my other external IPs ?

If this is not possible what extra hardware would I need, and what is the
theory behind a possible setup?

I am a bit of a novice with Cisco equipment, but I am eager to learn, so a
point in the right direction would be greatly appreciated.

Thanks,

Craig.


 

Walter Roberson
10-24-2005
In article <6Ka7f.7402$(E-Mail Removed)>,
Mr Corbett <(E-Mail Removed)> wrote:
:At the moment I have the 515 using 1 External IP and natting, then I use
:the switch.

I am not clear whether the switch is "inside" or "outside" the PIX?

:Is it possible to use 1 IP to nat, I will use a vlan for this on the switch,
:then can I use 7 ports on the switch along with my other external IPs ?

Are you asking about using the same switch for inside and outside
network traffic, with the traffic kept separate by VLANs? If so then
generally Yes, you can do that, if your switch supports port-based
VLANs, and if your security policy allows it. (Some security policies
disallow such a thing, in order to prevent the possibility of
"VLAN hopping" to bypass the PIX security.)

If you are asking about using 7 different VLANs on the PIX 515,
the answer is that you cannot do that in PIX 6.x, and would have
to upgrade to PIX 7.x, which would likely require that you upgrade
the memory on your PIX.

The PIX 515 Restricted license limits you to 3 VLANs in 6.x; the
Unrestricted license limits you to 6 VLANs in 6.x.
--
Chocolate is "more than a food but less than a drug" -- RJ Huxtable
 

Mr Corbett
10-25-2005
Hi, Just to clarify the switch is separate - Pix - 2900 Switch

So either way I could use 3 of my external IPs, 1 for nat using say vlan1
and 5 ports on the switch, 2 other IP's using vlan 2 & 3 using 2 separate
ports on the switch to get straight external use?

Any ideas on how I would configure such a setup ?


"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message news:djjgp2$f34$(E-Mail Removed)...
> In article <6Ka7f.7402$(E-Mail Removed)>,
> Mr Corbett <(E-Mail Removed)> wrote:
> :At the moment I have the 515 using 1 External IP and natting, then I use
> :the switch.
>
> I am not clear whether the switch is "inside" or "outside" the PIX?
>
> :Is it possible to use 1 IP to nat, I will use a vlan for this on the switch,
> :then can I use 7 ports on the switch along with my other external IPs ?
>
> Are you asking about using the same switch for inside and outside
> network traffic, with the traffic kept separate by VLANs? If so then
> generally Yes, you can do that, if your switch supports port-based
> VLANs, and if your security policy allows it. (Some security policies
> disallow such a thing, in order to prevent the possibility of
> "VLAN hopping" to bypass the PIX security.)
>
> If you are asking about using 7 different VLANs on the PIX 515,
> the answer is that you cannot do that in PIX 6.x, and would have
> to upgrade to PIX 7.x, which would likely require that you upgrade
> the memory on your PIX.
>
> The PIX 515 Restricted license limits you to 3 VLANs in 6.x; the
> Unrestricted license limits you to 6 VLANs in 6.x.
> --
> Chocolate is "more than a food but less than a drug" -- RJ Huxtable



 

Walter Roberson
10-25-2005
In article <bul7f.7142$(E-Mail Removed)>,
Mr Corbett <(E-Mail Removed)> wrote:
:Hi, Just to clarify the switch is separate - Pix - 2900 Switch

That doesn't really indicate whether it is "inside" or "outside"
the PIX ?


:So either way I could use 3 of my external IPs, 1 for nat using say vlan1
:and 5 ports on the switch, 2 other IP's using vlan 2 & 3 using 2 separate
:ports on the switch to get straight external use?

No. Each VLAN must be in a distinct subnet.

What are you trying to -do- ??

If you are just trying to have your PIX front multiple public IPs
on behalf of your internal devices, then you do not need to work
with VLANs. The PIX can front any number of public IPs through
the same interface.
--
Chocolate is "more than a food but less than a drug" -- RJ Huxtable
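
Added example, not part of the thread or any poster's own configuration: a PIX 6.x configuration sketch of what the last reply describes, one outside interface fronting several public IPs with no VLANs. The addresses (192.0.2.0/29 outside, 192.168.1.0/24 inside), the inside host assignments, the published services and the ACL name `outside_in` are all assumptions.

```text
: Constructed example for PIX 6.x. Addresses and the ACL name are assumptions.
: Outside subnet 192.0.2.0/29 (ISP router .1, PIX outside interface .2)
ip address outside 192.0.2.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

: General outbound traffic: PAT all inside hosts to the outside interface IP
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: Two more public IPs fronted on the same outside interface, one per inside host
static (inside,outside) 192.0.2.3 192.168.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.4 192.168.1.11 netmask 255.255.255.255 0 0

: Inbound is denied by default; permit only the service each host publishes
access-list outside_in permit tcp any host 192.0.2.3 eq www
access-list outside_in permit tcp any host 192.0.2.4 eq smtp
access-group outside_in in interface outside
```

All three public addresses sit in the one outside subnet, so the hosts behind the statics stay on the inside network and every inbound connection still passes the PIX access list.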
 