Re: Pix 7 transparent with multiple context

YOUNG-SOO BASLER · ‎05-02-2005

Hi all, I try to do multiple context in transparent mode. My idee is to make a second IP for admin purpose that is not routed within the Internet and only accessible from my inside network.interface

Ethernet0.1

vlan 1

!

interface Ethernet0.2

shutdown

no vlan

!

interface Ethernet1

!

interface Ethernet1.1

shutdown

no vlan

!

interface Ethernet1.2

shutdown

no vlan

Major Problem: I can not allocate the same VLAN to both interfaces (subinterface inside, subinterface outside). I mean if I allocate the Eth0.1 to vlan1 I need to configure the Eth1.1 with a other vlan ID !!! But in this case: The firewall is not transparent or do I something wrong?

didyap · ‎05-06-2005

Although inside IP addresses can be the same across contexts, keeping them unique is easier to manage.

http://cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010bd.html#wp1052835

YOUNG-SOO BASLER · ‎05-13-2005

Found a easy way..........

firewall transparent

!

interface Ethernet0

!

interface Ethernet1

!

interface Ethernet4

etc.

admin-context admin

context admin

allocate-interface Ethernet4

config-url flash:/admin.cfg

!

context datatraffic

allocate-interface Ethernet0

allocate-interface Ethernet1

config-url flash:/datatraffic.cfg

context datatraffic

interface Ethernet1

nameif outside

security-level 0

!

interface Ethernet0

nameif inside

security-level 100

etc....

context admin

interface Ethernet4

nameif inside

security-level 100

ip address (your management ip address)

route inside 0.0.0.0 0.0.0.0 (your gateway)