02-18-2002 10:53 AM - edited 02-20-2020 09:59 PM
I have a PIX 525 with 5 interfaces. When I test it in our lab, with each interface connected to a separate hub, everything works fine.
However, as soon as I put it in the actual network, which is 5 VLANs in an Enterasys SSR8000 switch router, it stops letting traffic through the interfaces.
Is there any problem with VLANs or with Enterasys Switch Routers that anyone is aware of?
Thanks,
Ali
02-18-2002 11:37 AM
Try clearing the ARP cache "clear arp cache", then issue a "sho arp cache" and make sure that the arp table is consistent.
Hope that helps,
Mustafa Hussein
Comark, Inc.
02-18-2002 12:19 PM
Thanks for your response...
I had already tried that. Didn't help.
02-18-2002 11:59 AM
If your VLANs are correctly configured, the PIX should work.
Also, if your SSR8000 is routing for each network behind it, you should add route statements in the PIX's config, because the PIX cannot discover the routes by itself.
Regards,
Benoît
02-18-2002 12:24 PM
Thanks for your response. The VLAN is working, as I was using the same ports on the SSR8000 for the previous firewall, which was an IBM SecureWay firewall. The PIX just replaced that one, using the same ports and the same config on the SSR8000.
As well, I have already added routes for all subnets throughout our corporate network to the PIX.
The only difference between the IBM setup and the PIX setup is that the PIX has 3 DMZs while the IBM had 2. The reason is that we have two IP ranges for one of our DMZs, and as the PIX doesn't support secondary IP addresses, I had to add a 3rd DMZ and connect it to the same VLAN in the SSR8000. Could that be a problem? Is proxy ARP in the PIX causing the problem? (Should I disable proxy ARP?)
Thanks,
Ali