PIX 515 Switch 8 External IPs

Discussion in 'Cisco' started by Mr Corbett, Oct 24, 2005.

  1. Mr Corbett

    Mr Corbett Guest

    Hi,

    At the moment I have the 515 using 1 External IP and natting, then I use
    the switch.

    Is it possible to use 1 IP to nat, I will use a vlan for this on the switch,
    then can I use 7 ports on the switch along with my other external IPs?

    If this is not possible what extra hardware would I need, and what is the
    theory behind a possible setup?

    I am a bit of a novice with Cisco equipment, but I am eager to learn, so a
    point in the right direction would be greatly appreciated.

    Thanks,

    Craig.
     
    Mr Corbett, Oct 24, 2005
    #1

  2. In article <6Ka7f.7402$>,
    Mr Corbett <> wrote:
    :At the moment I have the 515 using 1 External IP and natting, then I use
    :the switch.

    I am not clear whether the switch is "inside" or "outside" the PIX?

    :Is it possible to use 1 IP to nat, I will use a vlan for this on the switch,
    :then can I use 7 ports on the switch along with my other external IPs ?

    Are you asking about using the same switch for inside and outside
    network traffic, with the traffic kept separate by VLANs? If so then
    generally Yes, you can do that, if your switch supports port-based
    VLANs, and if your security policy allows it. (Some security policies
    disallow such a thing, in order to prevent the possibility of
    "VLAN hopping" to bypass the PIX security.)

    If you are asking about using 7 different VLANs on the PIX 515,
    the answer is that you cannot do that in PIX 6.x, and would have
    to upgrade to PIX 7.x, which would likely require that you upgrade
    the memory on your PIX.

    The PIX 515 Restricted license limits you to 3 VLANs in 6.x; the
    Unrestricted license limits you to 6 VLANs in 6.x.
    --
    Chocolate is "more than a food but less than a drug" -- RJ Huxtable
     
    Walter Roberson, Oct 24, 2005
    #2

  3. Mr Corbett

    Mr Corbett Guest

    Hi, Just to clarify the switch is separate - Pix - 2900 Switch

    So either way I could use 3 of my external IPs, 1 for nat using say vlan1
    and 5 ports on the switch, 2 other IPs using vlan 2 & 3 using 2 separate
    ports on the switch to get straight external use?

    Any ideas on how I would configure such a setup?


    "Walter Roberson" <-cnrc.gc.ca> wrote in message news:djjgp2$f34$...
    > In article <6Ka7f.7402$>,
    > Mr Corbett <> wrote:
    > :At the moment I have the 515 using 1 External IP and natting, then I use
    > :the switch.
    >
    > I am not clear whether the switch is "inside" or "outside" the PIX?
    >
    > :Is it possible to use 1 IP to nat, I will use a vlan for this on the switch,
    > :then can I use 7 ports on the switch along with my other external IPs ?
    >
    > Are you asking about using the same switch for inside and outside
    > network traffic, with the traffic kept separate by VLANs? If so then
    > generally Yes, you can do that, if your switch supports port-based
    > VLANs, and if your security policy allows it. (Some security policies
    > disallow such a thing, in order to prevent the possibility of
    > "VLAN hopping" to bypass the PIX security.)
    >
    > If you are asking about using 7 different VLANs on the PIX 515,
    > the answer is that you cannot do that in PIX 6.x, and would have
    > to upgrade to PIX 7.x, which would likely require that you upgrade
    > the memory on your PIX.
    >
    > The PIX 515 Restricted license limits you to 3 VLANs in 6.x; the
    > Unrestricted license limits you to 6 VLANs in 6.x.
    > --
    > Chocolate is "more than a food but less than a drug" -- RJ Huxtable
     
    Mr Corbett, Oct 25, 2005
    #3
  4. In article <bul7f.7142$>,
    Mr Corbett <> wrote:
    :Hi, Just to clarify the switch is separate - Pix - 2900 Switch

    That doesn't really indicate whether it is "inside" or "outside"
    the PIX?


    :So either way I could use 3 of my external IPs, 1 for nat using say vlan1
    :and 5 ports on the switch, 2 other IP's using vlan 2 & 3 using 2 separate
    :ports on the switch to get straight external use?

    No. Each VLAN must be in a distinct subnet.

    What are you trying to -do- ??

    If you are just trying to have your PIX front multiple public IPs
    on behalf of your internal devices, then you do not need to work
    with VLANs. The PIX can front any number of public IPs through
    the same interface.
    --
    Chocolate is "more than a food but less than a drug" -- RJ Huxtable
     
    Walter Roberson, Oct 25, 2005
    #4