Vlans and PIX question

Discussion in 'Cisco' started by pfisterfarm, Jan 27, 2010.

  1. pfisterfarm

    pfisterfarm Guest

    Thanks again to everyone who replied to my last post... I've got
    another project related to the same VMware server...

    I have a situation where I need to set up network access for a new
    virtual server in a vlan where most of the existing hosts are on the
    other side of a PIX 525 (running 7.2(2)).

    The other hosts in the vlan are connected to a 4507 core switch, which
    is connected to an interface which is the DMZ and has the default
    gateway address of that vlan. Actually, the vlan, let's use the number
    10, was set up at one point but is currently shut down. The connection
    to the PIX is an access port in the 10 vlan. The inside interface is
    connected to another port on the same 4507. The port the inside
    interface is connected to is an access port in the central site's core
    vlan... let's use 20 for this discussion.

    The VMware server is 2 hops away, first through an ATM connection to an
    8540 (set up with IRB) to a 3560. Two other things about the
    configuration that might be important: (1) there is a second PIX in an
    active/standby configuration, and (2) the inside ports that the two
    PIXes are connected to are the source in a port mirror to a port that a
    content filter is connected to.

    I'm guessing that some sort of routing needs to be set up on the
    PIX(es)... what is the best method of doing that? Since this is a
    production network, I was hoping to have to change as little as
    possible (obviously...)
    pfisterfarm, Jan 27, 2010
    #1

  2. In article <>, pfisterfarm <> writes:
    >Thanks again to everyone who replied to my last post... I've got
    >another project related to the same VMware server...
    >
    >I have a situation where I need to set up network access for a new
    >virtual server in a vlan where most of the existing hosts are on the
    >other side of a PIX 525 (running 7.2(2)).
    >
    >The other hosts in the vlan are connected to a 4507 core switch, which
    >is connected to an interface which is the DMZ and has the default
    >gateway address of that vlan. Actually, the vlan, let's use the number
    >10, was set up at one point but is currently shut down. The connection
    >to the PIX is an access port in the 10 vlan. The inside interface is
    >connected to another port on the same 4507. The port the inside
    >interface is connected to is an access port in the central site's core
    >vlan... let's use 20 for this discussion.
    >
    >The VMware server is 2 hops away, first through an ATM connection to an
    >8540 (set up with IRB) to a 3560. Two other things about the
    >configuration that might be important: (1) there is a second PIX in an
    >active/standby configuration, and (2) the inside ports that the two
    >PIXes are connected to are the source in a port mirror to a port that a
    >content filter is connected to.
    >
    >I'm guessing that some sort of routing needs to be set up on the
    >PIX(es)... what is the best method of doing that?


    I have some problems understanding your scenario. Some sort of a schematic
    would be helpful.

    In general, a PIX interface can be divided up into several virtual interfaces.
    Each interface may belong to a different VLAN. Could this be a solution for
    your scenario?

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -80464
    Immunbiologie
    Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
    Christoph Gartmann, Jan 28, 2010
    #2
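
The subinterface approach mentioned in the reply above, as an added example that is not part of the original thread: a PIX 7.x 802.1Q subinterface sketch with the matching switch trunk. Only VLAN 10 and the active/standby pair come from the thread; the interface names, the second VLAN (30), the nameif labels, the security levels and the 192.0.2.0/24 and 198.51.100.0/24 documentation addresses are assumptions.

```cisco
! Added example; names, VLAN 30 and addresses are assumptions, not from the thread.
! PIX side: the physical port carries only tagged traffic, so it gets no
! nameif and untagged frames arriving on the trunk are not passed.
interface Ethernet2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Existing DMZ segment (VLAN 10 in the thread) moved onto a subinterface.
! The standby address is for the second PIX in the active/standby pair.
interface Ethernet2.10
 vlan 10
 nameif dmz10
 security-level 50
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
! A second, separately filtered segment on the same physical port.
interface Ethernet2.30
 vlan 30
 nameif dmz30
 security-level 40
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
!
! Switch side (IOS): the port facing the PIX becomes a trunk limited to
! the VLANs the firewall terminates, instead of an access port.
interface GigabitEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan 10,30
```

Traffic between dmz10 and dmz30 then crosses the PIX and is subject to its security levels and access lists, and the switch port facing the standby unit needs the same trunk settings.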

  3. pfisterfarm

    pfisterfarm Guest

    Yes, I should have known I really needed a diagram. I'll put something
    together and post it. Thanks!
    pfisterfarm, Jan 28, 2010
    #3
  4. pfisterfarm

    pfisterfarm Guest

    On Jan 28, 9:32 am, pfisterfarm <> wrote:
    > Yes, I should have known I really needed a diagram. I'll put something
    > together and post it. Thanks!


    I've got a diagram together and hopefully I've got everything on there
    that I need to...

    http://www.pfisterfarm.com/vlan_and_pix_post.jpg

    The ports on the 4507R going to the pix are both access ports in the
    appropriate vlan. All other ports should be trunk ports, currently.

    Thanks!
    pfisterfarm, Jan 28, 2010
    #4