PIX same Vlan configuration on both interfaces

Discussion in 'Cisco' started by Padhu, Oct 27, 2006.

  1. Padhu

    Padhu Guest

    I have a PIX 506E. I need to setup a network with this PIX as below.

    vlan1 vlan2
    | |
    -------------
    |
    outside interface of PIX
    || PIX ||
    inside interface of PIX
    |
    -------------- (switch)
    | |
    vlan1 vlan2

    vlan1 (default vlan) is the physical interface and vlan 2 is the
    logical interface on the outside interface
    How do i route the packets that enter the logical interface of vlan 2
    to the vlan 2 on the inside network? I am unable to create the same
    vlan 2 on the inside interface as the pix says its already available on
    onother interface.

    My default vlan works fine. I am able to ping the outside logical
    interface of the PIX from vlan 2. How do i configure vlan 2 on the
    inside interface of the PIX?

    Please do let me know your ideas on this.

    Regards
    Pad
     
    Padhu, Oct 27, 2006
    #1
    1. Advertising

  2. In article <>,
    Padhu <> wrote:
    >I have a PIX 506E. I need to setup a network with this PIX as below.


    >vlan1 vlan2
    > | |
    > -------------
    > |
    >outside interface of PIX
    > || PIX ||
    >inside interface of PIX
    > |
    > -------------- (switch)
    > | |
    >vlan1 vlan2


    >vlan1 (default vlan) is the physical interface and vlan 2 is the
    >logical interface on the outside interface
    >How do i route the packets that enter the logical interface of vlan 2
    >to the vlan 2 on the inside network?


    You can't do per-vlan routing in the PIX 506E. There is only one
    routing table in PIX 6: if packets in VLAN1 have a destination IP
    in VLAN2's range, then they will be routed there if the ACLs and
    xlates permit that.

    >I am unable to create the same
    >vlan 2 on the inside interface as the pix says its already available on
    >onother interface.


    You can't do it on the 506E. Use different VLAN numbers.

    In order to do per-vlan routing, you would need the Virtual Router
    Facility that is available in PIX 7 (which is not supported
    on the 506E.) The number of VRF contexts supported depends on the
    model and the license.

    I don't know if PIX 7 permits the same VLAN number for two different
    interfaces in the same VRF context. Somehow I suspect it doesn't.
     
    Walter Roberson, Oct 27, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. avraham shir-el
    Replies:
    4
    Views:
    8,557
    avraham shir-el
    Jul 20, 2004
  2. Bill F
    Replies:
    1
    Views:
    1,785
    Walter Roberson
    Sep 17, 2004
  3. Replies:
    2
    Views:
    504
  4. AM
    Replies:
    0
    Views:
    354
  5. masani paresh
    Replies:
    12
    Views:
    1,001
    Phillip Windell
    Jul 24, 2008
Loading...

Share This Page