PIX DMZ VLAN, plus side question on VAC+

dswia555
Level 1

Issue:

Need to cfg. PIX 525 with a 2950 dmz switch. Would like to make VLANS on switch. Do not wish to use router on a stick to route between VLANS.

internet
router
|
outside
pix -- dmz switch (w vlans 2-6)
inside
prod network

It is my understanding that with 6.3.3 one can cfg logical ints on a PIX and have it do the routing between VLANs on a dmz switch. Is this true? I hope to avoid using .1q to the inside! So, can the PIX be cfg'd to get traffic to and from individual VLANs on the dmz switch without consulting a router?

I read the 6.3.1, etc., release notes and they give a very short example and discussion. Does anyone have a good, short example cfg, similar to my situation, that they would be willing to share?

Side question:

Does anyone have solid figures on when a 525 needs a VAC+ to handle 3des tunnels? The Cisco web site gives a nebulous suggestion. Any real world example would help me. Planning 3des to 3 peers, plus future addition of 40 peers w/ 3des.

Thanks,

D

1 Reply

j-block
Level 4

Answering the first part of your question: yes, it's possible. Not sure if you went through this document, but it has a sample configuration. You can configure this on any interface of the PIX. It works only with 802.1q currently.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#1113411

Also go through this document for a better understanding of the commands that are being used:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1075586
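
An added example, not part of the reply above or of Cisco's documentation: a sketch of the PIX 6.3 logical-interface setup the thread discusses, with a 2950 trunk port carrying three of the DMZ VLANs. The port numbers, interface names, security levels, addresses and ACL name are constructed for illustration; check the syntax against the command reference linked above before use.

```cisco
: ---- PIX 525, software 6.3(x) ---- (lines starting with ":" are comments)
: Assumption: ethernet2 is the port cabled to the DMZ switch.
interface ethernet2 100full
: One VLAN is bound to the physical interface; the others are logical
: 802.1q interfaces sharing the same wire.
interface ethernet2 vlan2 physical
interface ethernet2 vlan3 logical
interface ethernet2 vlan4 logical
: Give every VLAN its own security level. PIX 6.3 does not pass traffic
: between two interfaces that have the same level.
nameif ethernet2 dmz2 security20
nameif vlan3 dmz3 security30
nameif vlan4 dmz4 security40
ip address dmz2 192.168.2.1 255.255.255.0
ip address dmz3 192.168.3.1 255.255.255.0
ip address dmz4 192.168.4.1 255.255.255.0
: Inter-VLAN traffic is firewalled, not simply routed. A lower-level VLAN
: reaches a higher-level one only through a static plus an ACL entry.
: Constructed case: hosts in dmz2 may reach one server in dmz4 on tcp/443.
static (dmz4,dmz2) 192.168.4.10 192.168.4.10 netmask 255.255.255.255
access-list dmz2_in permit tcp 192.168.2.0 255.255.255.0 host 192.168.4.10 eq 443
: Once applied, the ACL's implicit deny drops everything else entering dmz2.
access-group dmz2_in in interface dmz2

! ---- Catalyst 2950 DMZ switch ---- (VLANs 2-4 assumed to exist already)
interface FastEthernet0/24
 description 802.1q trunk to PIX ethernet2
 switchport mode trunk
 ! Carry only the DMZ VLANs the PIX terminates, nothing else.
 switchport trunk allowed vlan 2-4
!
interface FastEthernet0/1
 description constructed example: server in VLAN 4
 switchport mode access
 switchport access vlan 4
```

Hosts in each VLAN use the PIX address in their subnet as the default gateway, so no separate router is involved between the DMZ VLANs.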