Vlan and PIX question

Discussion in 'Cisco' started by Rob, Mar 28, 2006.

  1. Rob

    Rob Guest

    Hi,
    We are going to share our Internet connection feed with a WAN connection.
    The ISP will do it using VLAN. My plan is to bring the feed to a switch
    which supports VLAN and then split it to ports with different VLAN ID, and
    take the Internet to the outside PIX (515, 6.3). My question.... Is that
    doable? Do I need to change anything on PIX? Do you see any issue with
    VLANing and PIX as long as I use a switch to split VLANs?
    Thanks in advance for any help. Rob
     
    Rob, Mar 28, 2006
    #1

  2. Rob

    Merv Guest

    You should give consideration to encrypting the WAN traffic using IPSEC.
     
    Merv, Mar 28, 2006
    #2

  3. * Rob wrote:
    > doable? Do I need to change anything on PIX? Do you see any issue with
    > VLANing and PIX as long as I use a switch to split VLANs.


    No problems. Have fun.
     
    Lutz Donnerhacke, Mar 28, 2006
    #3
  4. In article <442982d3$>, Rob <> wrote:
    >We are going to share our Internet connection feed with a WAN connection.
    >The ISP will do it using VLAN. My plan is to bring the feed to a switch
    >which supports VLAN and then split it to ports with different VLAN ID, and
    >take the Internet to the outside PIX (515, 6.3). My question.... Is that
    >doable? Do I need to change anything on PIX? Do you see any issue with
    >VLANing and PIX as long as I use a switch to split VLANs.


    The PIX 515 running 6.3 software can handle several 802.1Q VLANs
    directly -- that is, you could trunk several VLANs to the 515
    and configure "logical" interfaces and pull the VLANs off as if
    they were separate physical interfaces. Whether you want to do that
    or not depends on whether you are providing security for the other VLANs
    or if they belong to other organizations.

    If you are just using a plain stream out the 515 and the switch
    is encapsulating into a VLAN, then you *might* need to reduce
    the sysopt mss and/or the MTU by a few bytes, if there is any
    equipment in the path that does not know about the extended
    frame size that is often allowed for 802.1Q tagged packets.
     
    Walter Roberson, Mar 29, 2006
    #4
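
The two setups described in the reply above, sketched in PIX 6.3 syntax as an added example that is not part of the original thread. The VLAN IDs, the interface name "wan", the security levels, the addresses and the MTU/MSS numbers are all constructed placeholders.

```text
: Option A - trunk the ISP's 802.1Q VLANs directly to the PIX 515 (6.3)
: and pull each VLAN off as its own interface.
interface ethernet0 auto
: VLAN 10 (placeholder ID) is carried on the physical interface itself
interface ethernet0 vlan10 physical
: VLAN 20 (placeholder ID) becomes an additional logical interface
interface ethernet0 vlan20 logical
nameif ethernet0 outside security0
nameif vlan20 wan security50
: documentation-range addresses, constructed for this sketch
ip address outside 192.0.2.2 255.255.255.252
ip address wan 198.51.100.2 255.255.255.252

: Option B - the switch does the tagging and the PIX sees a plain port.
: Only needed if some device in the path cannot pass frames that have
: grown by the 4-byte 802.1Q tag: trim the interface MTU and the TCP MSS
: the PIX permits in SYN packets by a few bytes (values are examples).
mtu outside 1496
sysopt connection tcpmss 1376
```

With Option A every VLAN terminated on the PIX gets its own security level and is subject to the firewall's access rules, which is the point the reply makes about whether the other VLANs are yours to protect or belong to other organizations.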
