PIX 506e cabling config in question

rnoel1
Level 1

I am a network consultant with a client who has a PIX 506e with Ethernet 0 & 1 both plugged into a Cisco Catalyst 2950 switch which also has private IP LAN clients on the same switch. My VPN is still working to another office with this config, but I don't think I am actually firewalling anything. A different vendor set this up. Based on everything I know from the last seven+ years networking exp., this is incorrect. Shouldn't one be public/WAN & one be private/LAN? Can I just change the cabling config with the existing config file, or could there possibly be something in their config file that is making it work properly the way it is cabled now? Could this possibly be a managed switch issue or a custom port config on the Catalyst 2950 switch?

2 Replies

jnaglich
Level 1

Is the upstream router that has the internet line connected into this switch as well? It's possible that some of the switch ports are on different VLANs than the ports the users are on. So, the eth0 and upstream router inside interface can be on one VLAN and the eth1 and clients on another. It's not the best design, but it should work.

The problem is that I'm not 100% sure that I am in the original or correct switch ports. This is due to the fact that this cabling concern came to light when we had a server room relocation of a few switches along with other equip. including the PIX. The cables might currently be in two different ports than they were originally; however, those ports might still be part of the same VLAN because they are all in the same last 4-6 switch ports of switch two, if they happened to have segmented it that way. Is there any way I can tell definitively by the contents of the config file whether this is the case or not? Also, what specifically should I look for in the daily PIX logs to see if this config is really firewalling anything? The far left column timestamps don't really look correct.
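
The VLAN question raised in this thread can be checked against the switch's saved configuration. The following is an added example, not code from either poster: it parses a Catalyst running-config and reports whether two ports sit in the same access VLAN. The sample config, port numbers, VLAN 100 and descriptions are constructed assumptions.

```python
import re

# Constructed Catalyst 2950 running-config excerpt; port numbers, VLAN 100 and
# descriptions are assumptions for illustration, not values from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/21
 description PIX-ethernet0
 switchport access vlan 100
!
interface FastEthernet0/22
 description upstream-router
 switchport access vlan 100
!
interface FastEthernet0/23
 description PIX-ethernet1
 switchport mode access
!
interface FastEthernet0/24
 switchport mode trunk
!
"""

def parse_ports(config):
    """Return {interface: {"vlan": int, "trunk": bool}}; access VLAN defaults to 1."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), {"vlan": 1, "trunk": False})
        elif not line[:1].isspace():
            current = None  # any other top-level line ends the interface stanza
        elif current is not None:
            stmt = line.strip()
            m = re.fullmatch(r"switchport access vlan (\d+)", stmt)
            if m:
                current["vlan"] = int(m.group(1))
            elif stmt == "switchport mode trunk":
                current["trunk"] = True
    return ports

def same_segment(config, port_a, port_b):
    """True/False for two access ports; None if either is a trunk (review by hand)."""
    ports = parse_ports(config)
    a, b = ports[port_a], ports[port_b]
    if a["trunk"] or b["trunk"]:
        return None
    return a["vlan"] == b["vlan"]

if __name__ == "__main__":
    print(same_segment(SAMPLE_CONFIG, "FastEthernet0/21", "FastEthernet0/23"))
```

A `True` result for the two PIX-facing ports means both firewall interfaces share one broadcast domain, so hosts on that VLAN can reach each other without crossing the PIX. This reads only the static configuration; `show vlan brief` on the switch shows the operational port-to-VLAN assignment.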
