Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
270
Views
0
Helpful
1
Replies

Connecting a multiple vlan'd switch to pix 515 over single interface

sdawson35
Level 1
Level 1

‎08-26-2005 07:28 AM - edited ‎02-21-2020 12:21 AM

Hoping that you maybe able to help ?.

I have 2 x PIX (515) Firewalls in failover configuration, I need to connect an ethernet switch (C3560) split into 4 seperate Vlans to a single interface on each of the firewalls.

Basically I have 4 3rd Party vendors coming into my switch on 4 differant networks (hence the 4 vlans) but want the 4 networks to controlled via a single interface on the firewall.

I have reviewed the online documentation and have tried to configure both the firewall and switch but cannot get it to work.

0 Helpful
1 Reply 1

glenn.newman
Level 1
Level 1

‎08-26-2005 09:44 AM

Here is what the config should look like. You can do a "show interface f0/1 switchport" to see what the trunking status is on the switch. You will need to enable NATs on the various interfaces and do not set them at the same security level.

PIX Version 6.3(4)

interface ethernet1 auto

interface ethernet1 vlan3 logical

nameif ethernet1 inside security100

nameif vlan3 guest security50

ip address inside 192.168.1.2 255.255.255.0

ip address guest 192.168.3.1 255.255.255.0

global (outside) 1 interface

global (guest) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (guest) 1 0.0.0.0 0.0.0.0 0 0

dhcprelay enable guest

dhcprelay server 192.168.1.20 inside

Switch:

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,3

switchport mode trunk

switchport nonegotiate

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card