PIX same Vlan configuration on both interfaces

Discussion in 'Cisco' started by Padhu, Oct 27, 2006.

  1. Padhu


    I have a PIX 506E. I need to set up a network with this PIX as below.

    vlan1 vlan2
    | |
    outside interface of PIX
    || PIX ||
    inside interface of PIX
    -------------- (switch)
    | |
    vlan1 vlan2

    vlan1 (default vlan) is the physical interface and vlan 2 is the
    logical interface on the outside interface.
    How do I route the packets that enter the logical interface of vlan 2
    to the vlan 2 on the inside network? I am unable to create the same
    vlan 2 on the inside interface, as the PIX says it's already available on
    another interface.

    My default vlan works fine. I am able to ping the outside logical
    interface of the PIX from vlan 2. How do I configure vlan 2 on the
    inside interface of the PIX?

    Please do let me know your ideas on this.

    Padhu, Oct 27, 2006
  2. You can't do per-vlan routing in the PIX 506E. There is only one
    routing table in PIX 6: if packets in VLAN1 have a destination IP
    in VLAN2's range, then they will be routed there if the ACLs and
    xlates permit that.
    You can't do it on the 506E. Use different VLAN numbers.

    In order to do per-vlan routing, you would need the Virtual Router
    Facility that is available in PIX 7 (which is not supported
    on the 506E.) The number of VRF contexts supported depends on the
    model and the license.

    I don't know if PIX 7 permits the same VLAN number for two different
    interfaces in the same VRF context. Somehow I suspect it doesn't.
    Walter Roberson, Oct 27, 2006
