Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
0
Helpful
5
Replies

PIX 515E Routing 2 internal networks

Colin_clear
Level 1
Level 1

‎01-07-2005 08:36 AM - edited ‎02-20-2020 11:51 PM

Hi All,

I have the following scenario.

Currently have 1 internal network connected to pix.

Would like to add a second using a lvl 3 managed switch connecting to the pix. So both networks connect to the switch then switch to pix.

Primary concern is can this be done or should I employ a router?

Also both networks have their own internal mail servers, is it possible to make this work by adding a second external ip to the pix and have the switch route the mail to the correct network?

Any help greatly appreciated.

Rgs

Colin

0 Helpful
5 Replies 5

rais
Level 7
Level 7

‎01-07-2005 09:22 AM

WIth a Layer 3 switch, this can be done. A Layer-3 switch should do what do you looking for.

By second external ip, do you mean public IP address? If so, yes, this can be done.

Thanks.

0 Helpful

erickflamenco
Level 1
Level 1
In response to rais

‎01-07-2005 01:36 PM

Also, what I do on these cases:

pix(config)#route inside network_A mask gw-address

pix(config)#route inside network_B mask gw-address

Erick

0 Helpful

Colin_clear
Level 1
Level 1
In response to erickflamenco

‎01-10-2005 01:38 AM

Hi Erick,

Thanks for you're reply.

Could u briefly explain what is happening here.

I'm assuming you are masking the gateway address?

What is the reason for this and why would you do it?

Rgs

0 Helpful

turnbull
Level 1
Level 1

‎01-10-2005 05:11 AM

Hi Colin,

1. Add another interface card to the pix. VLAN the switch and then connect the inside and DMZ interfaces to the switch.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#wp1131114

(PIX 515 has minimum of 3 interfaces licenced. Free upgrade if licence shows only 2)

or

2. VLAN the inside interface of the pix. VLAN the switch still but connect the pix to the switch by trunk port.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#wp1115446

You are correct to propose a second public address static for the second mail server.

eg,(where outside ip address is 192.168.40.2/28)

static (inside,outside) tcp interface 25 mailserver1 25 netmask 255.255.255.255

static (DMZ,outside) tcp 192.168.40.3 25 mailserver2 25 netmask 255.255.255.255

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm#wp1090663

Cheers,

Paul.

0 Helpful

erickflamenco
Level 1
Level 1

‎01-10-2005 07:22 AM

Hello,

That's the sintax only, they are just simple static routes, something like this:

if VLAN10 is 172.16.10.0 and

mailsrv1 is 172.16.10.3/24 and

VLAN20 is 172.16.20.0 and

mailsrv2 is 172.16.20.3/24

you could have the inside interface in

vlan30 172.16.30.0/24 with

pix inside 172.16.30.2/24 and

VLAN30 ip address 172.16.30.1 255.255.255.0

Then,

pix(config)#route 172.16.10.0 255.255.255.0 172.16.30.1

pix(config)#route 172.16.20.0 255.255.255.0 172.16.30.1

also as you say

mailsrv1 has it's own static public translation as well as mailsrv2.

Regards,

Erick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card