2 outside interfaces on a PIX

logan-7
Level 1

I need to create a second outside interface on my PIX 520 running 6.3(3) ios. My PIX has 6 interfaces on it. 1 is the Outside interface, 1 is the inside, 1 is the DMZ, so I have 3 unused interfaces on my PIX.

What my organization is trying to do is separate specific traffic at our border router to route to another interface and go through a Trend Viruswall, then be reintegrated back into the main flow of traffic coming into our network. I have used route-maps to separate the traffic on our border router, and have assigned a separate 27 bit network to this. I have also assigned the Ethernet3 interface on the PIX to this same network.

The problem is the PIX is not recognizing that this network is attached to it. There is no entry in its route statements for the network, but when I do a Show route I don't see it as Connected. I can't ping the interface from the PIX itself. But the interface shows UP when I do a Show Interfaces.

Any Suggestions???

Thanks

2 Replies

thisisshanky
Level 11

Can you paste the output of show interface e3?

Try hardcoding the speed and duplex on the ethernet interface "int e3 100full"

Are you directly connecting the PIX's e3 to the router, or to a switch?

I would recommend doing this. Create two VLANs on the outside switch: VLAN 2 and VLAN 3. On the router's FastE create two subinterfaces: one for the regular outside interface traffic (VLAN 2), and the other for the new network (VLAN 3) that you are trying to create.

Connect the PIX outside interface (e0) to a port on the switch belonging to VLAN 2. Connect e3 (dmz) to a port on the switch belonging to VLAN 3. This way you can segregate the traffic. You cannot have two PIX interfaces with the same security value of 0 (outside interface). So e3 will be a dmz with some security value between 0 and 100 (excluding 0 and 100). This value can be specified as you wish.

Connect the PI

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
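
A configuration sketch of the two-VLAN layout recommended in the reply above, added here as an example and not posted by either participant. Port numbers, the interface name `viruswall` and all addresses (documentation ranges, with a /27 for the new segment) are assumptions, `security5` is one possible value between 0 and 100, and lines starting with `!` are annotations, not commands.

```text
! --- Outside switch (IOS syntax): one VLAN per PIX-facing segment ---
vlan 2
vlan 3
interface FastEthernet0/1
 description trunk to border router
 switchport mode trunk
interface FastEthernet0/2
 description PIX e0 (outside)
 switchport mode access
 switchport access vlan 2
interface FastEthernet0/3
 description PIX e3 (new segment)
 switchport mode access
 switchport access vlan 3

! --- Border router (IOS syntax): one subinterface per VLAN ---
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.0.2.1 255.255.255.0
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 198.51.100.33 255.255.255.224

! --- PIX 6.3: speed/duplex, name + security level, and address for e3 ---
interface ethernet3 100full
nameif ethernet3 viruswall security5
ip address viruswall 198.51.100.34 255.255.255.224

! --- PIX 6.3: checks after applying the lines above ---
show nameif
show ip address
show interface ethernet3
show route
```

In PIX 6.3 `show route` output, a network taken from an interface's own `ip address` line is listed with the CONNECT keyword, while a manually entered `route` statement is listed as OTHER.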

The PIX's outside interface connects to a switch & the switch connects to the router.

I make e3 security 5

I have an access-list permitting the network that resides on e3 to enter the PIX.

With no routing statement in the PIX about the network on interface e3, the PIX doesn't see that network.

But if I put a routing statement on the PIX

route (interface e0) x.x.x.x x.x.x.x

I can ping the interface.

But if you do a show route that route statement doesn't show as Connected but Other.

Do you think this will be a problem??
