PIX 525 and Enterasys Switch Router

aafkhami · ‎02-18-2002

I have a PIX 525 with 5 interfaces. When test it in our lab with connecting each interface to a separate hub, everything is working fine.

However, as soon as put it in actual network which is 5 VLANs in an Enterasys SSR8000 switch router, it stop to let traffic through the interfaces.

Is there any problem with VLANs or with Enterasys Switch Routers that anyone is aware of?

Thanks,

Ali

mhussein · ‎02-18-2002

Try clearing the ARP cache "clear arp cache", then issue a "sho arp cache" and make sure that the arp table is consistent.

Hope that helps,

Mustafa Hussein

Comark, Inc.

aafkhami · ‎02-18-2002

Thanks for your response...

I had already tried that. Didn't help.

bdube · ‎02-18-2002

If your VLANs are correctly configured, the PIX should work.

Also, if your SSR8000 is routing for each network behind him, you should add routes statement in the PIX's config. Because PIX cannot discovered the routes by themself.

Regards,

Benoît

aafkhami · ‎02-18-2002

Thanks for your response. VLAN is working as I was using the same ports on SSR8000 for previous firewall which was an IBM SecureWay firewall. PIX just replaced that one using same ports and same config on SSR8000.

As well, I have already added routes for all subnets throughout our corporate network to the PIX.

The only difference between IBM setup and PIX setup is that PIX has 3 DMZs while IBM had 2. The reason is we have two ip ranges for one of our DMZs and as PIX doesn't dupport secondary ip addresses, I had to add 3rd DMZ and connect it to the same VLAN in SSR8000. Could that be a problem? Is proxy arp in PIX causing the problem? (Should I disable proxy arp?)

Thanks,

Ali