
pix 515e v6.3(5) interfaces

tims
Level 1

I am configuring a PIX 515E with 6 interfaces. Right now 3 are enabled: 0, 1 and 4. I also have a 1760 router and a Catalyst 1950 switch. The switch is configured in 4 VLANs, with VLAN 1 IP 10.1.0.3. The router connection is on VLAN 1 port 0/2. The PIX is also on VLAN 1, port 0/1. The switch has a single ethernet interface subnetted four times: .1 is using 10.1.0.2, .2 is using 10.1.1.2, .3 is using 10.1.2.2 and .4 is using 10.1.3.2. Both the router and switch are using 802.1q trunking to get the VLANs talking. The problem, going back to the PIX, is that the inside interface is 10.1.0.1 and interface 4, named linux, is 10.2.1.1, and I can't seem to configure the inside interface to communicate with the linux interface. Is this possible in the current configuration, or do I need to have a second interface on the router? I apologize if more info is needed, as I am new to the Cisco world; please let me know what you would need to answer this question. Also, if this is the wrong forum to post to, again please let me know. I have used global and nat as well as static commands, but nothing seems to work. Thanks for any help you may be able to provide.


Patrick Laidlaw
Level 4

Hello,

It helps to post the configs. It's probably a need for static NAT statements. Any time you traverse a PIX from a higher security level to a lower security level, you need some sort of nat statement or translation statement. Any time you want to access from a lower security level to a higher security level, you need to create explicit access allowing that traffic. If you don't want to hide your traffic from the inside interface to the linux interface, you would create a nat statement like this.

static (inside,linux) 10.1.0.0 10.1.0.0 netmask 255.255.252.0

access-list Linux_in permit ip 10.2.1.0 255.255.255.0 10.1.0.0 255.255.252.0

access-group Linux_in in interface linux

Let me get a few facts straight.

Inside, your network is 10.1.0.0/22. Your linux network is 10.2.1.0/24, which hangs off the PIX linux interface. To reach all your networks, from the linux network to the inside networks, without translating, you would use the above commands.

Patrick

Please rate any posts that are helpful.
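
The rule from the reply above, written as a small checker. This is an added example, not part of the original thread and not Cisco code. It reads PIX 6.3-style `nameif`, `static`, `access-list` and `access-group` lines and reports whether one flow between two interfaces is covered. Assumptions: the `nameif` port names and the security levels 100 and 50 are constructed, the two interfaces have different levels, and only `static` translations and `permit ip` entries are modelled (no `nat`/`global`, no `deny` ordering).

```python
import ipaddress

# Constructed sample: the reply's three commands plus two nameif lines whose
# port names and security levels (100, 50) are assumptions, not from the thread.
SAMPLE = """\
nameif ethernet1 inside security100
nameif ethernet4 linux security50
static (inside,linux) 10.1.0.0 10.1.0.0 netmask 255.255.252.0
access-list Linux_in permit ip 10.2.1.0 255.255.255.0 10.1.0.0 255.255.252.0
access-group Linux_in in interface linux
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect security levels, statics, permit-ip ACL entries and ACL bindings."""
    levels, statics, acls, bound = {}, [], {}, {}
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if t[0] == "nameif":
            levels[t[2]] = int(t[3].replace("security", ""))
        elif t[0] == "static":            # static (high,low) global local netmask mask
            high, low = t[1].strip("()").split(",")
            statics.append((high, low, net(t[2], t[5]), net(t[3], t[5])))
        elif t[0] == "access-list" and t[2:4] == ["permit", "ip"]:
            acls.setdefault(t[1], []).append((net(t[4], t[5]), net(t[6], t[7])))
        elif t[0] == "access-group":      # access-group <acl> in interface <if>
            bound[t[4]] = t[1]
    return levels, statics, acls, bound

def check(config, src_if, src, dst_if, dst):
    """Apply the reply's rule to one flow and say whether the config covers it."""
    levels, statics, acls, bound = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if levels[src_if] > levels[dst_if]:
        # Higher to lower: a translation must cover the source address.
        if any(h == src_if and l == dst_if and src in loc for h, l, _, loc in statics):
            return "allowed"
        return "blocked: no translation for source"
    # Lower to higher: a static must expose the destination AND an ACL bound
    # to the source interface must permit the flow.
    if not any(h == dst_if and l == src_if and dst in glob for h, l, glob, _ in statics):
        return "blocked: no static for destination"
    if not any(src in s and dst in d for s, d in acls.get(bound.get(src_if), [])):
        return "blocked: no access-list permit"
    return "allowed"

if __name__ == "__main__":
    print(check(SAMPLE, "linux", "10.2.1.10", "inside", "10.1.2.2"))
```

Dropping the `access-group` line from the sample turns the linux-to-inside result into `blocked: no access-list permit`, which is the case where the ACL exists but was never bound to the interface.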
