06-15-2007 12:22 AM - edited 03-11-2019 03:30 AM
Hello,
We recently bought a Cisco PIX 506E firewall app. for our (small sized) network. The specs state that the PIX 506 is capable of using a DMZ interface, however there are only two physical interfaces. I figure that for a DMZ I have to configure an additional logical interface (VLAN). The setup that we have (with the PIX 506) will be:
Pix 506:
interface 0 (outside): global ip address
interface 1 (inside): 192.168.1.1, subnet 255.255.255.0
Vlan1 (logical on interface 1): 192.168.100.1, subnet 255.255.255.0
Interface 1 is connected to an unmanaged 3com switch.
Behind the switch there are several 192.168.1.x systems and one webserver with IP address 192.168.100.7.
I was under the assumption that the PIX would figure out the proper (logical) interface based on the IP address of the system, but the webserver is not able to reach any interface (not 192.168.1.1, not 192.168.100.1).
My experience with Cisco equipment is very, very limited (as one probably has figured out by now) but I assume that I need an additional switch with VLAN support to make this setup work?
Can anyone confirm that this is the case? Or is it possible to construct a WAN/LAN/DMZ setup with a PIX 506E without additional "intelligent" hardware?
Thank you for the reply.
06-15-2007 12:37 AM
Hi
If you are using logical interfaces on the PIX 506E then the connection from the inside interface to the switch must be configured as a trunk port on the switch. This is because multiple VLAN information must be passed down this link.
I don't know whether the 3Com supports 802.1Q VLAN tagging but this is what it needs to work.
HTH
Jon
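Added example (not part of any post in this thread and not Cisco code): a simplified Python model of the point in the reply above, showing that a receiving port maps a frame to a logical interface from its 802.1Q tag rather than from the sender's IP address. The MAC addresses, the payload, the VLAN ID 1 (taken from the "Vlan1" name in the question) and the `classify` behaviour are assumptions for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Simplified model (assumption) of the firewall's inside port: tagged frames
# map to a logical interface by VLAN ID, untagged frames stay on the physical
# interface. VLAN ID 1 is assumed from the "Vlan1" name in the question.
PHYSICAL_INTERFACE = "inside 192.168.1.1"
LOGICAL_INTERFACES = {1: "Vlan1 192.168.100.1"}

def build_frame(dst, src, payload, vlan_id=None, priority=0):
    """Build an Ethernet II frame, with an 802.1Q tag if vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not (0 <= vlan_id <= 4095 and 0 <= priority <= 7):
            raise ValueError("VLAN ID is 12 bits, priority is 3 bits")
        # Tag = TPID (16 bits) + TCI: priority (3) | DEI (1) | VLAN ID (12)
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", ETHERTYPE_IPV4) + payload

def vlan_of(frame):
    """Return the VLAN ID from the 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def classify(frame):
    """Pick the receiving interface from the tag alone, never from the IP."""
    vid = vlan_of(frame)
    if vid is None:
        return PHYSICAL_INTERFACE
    return LOGICAL_INTERFACES.get(vid, "no interface for VLAN %d" % vid)

# Constructed sample: MAC addresses and payload are made up for illustration.
FW_MAC = bytes.fromhex("020000000001")
WEB_MAC = bytes.fromhex("020000000007")
UNTAGGED = build_frame(FW_MAC, WEB_MAC, b"from 192.168.100.7")
TAGGED = build_frame(FW_MAC, WEB_MAC, b"from 192.168.100.7", vlan_id=1)
```

`classify(UNTAGGED)` models the webserver's frame passing through a switch that adds no tag, and `classify(TAGGED)` models the same frame arriving over an 802.1Q trunk.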
06-15-2007 12:48 AM
Thanks for your reply Jon, the 3Com that we currently have is unmanaged, and does not support VLANs. Your reply thus also indicates that I probably need additional hardware.