Re: PIX & Layer 2

vanagon2tdi · ‎03-17-2005

I have a PIX 515 running 6.3.4v with 4 extra (besides the main two) Ethernet ports.

I am wondering if I am able to do layer 2 all the way to the PIX?

We are a small satellite Telco getting bigger by the day, and running into a situation where we have multiple networks with multiple clients sitting off of each network. Each client is going to want to run there own addresses space on their networks but do to the large amount of clients we will definitely start to see more conflicts in addresses. For this reason we want to run layer 2 all the way to the PIX so all the clients can use the same internet feed.

Any thoughts on this would be great

layer9 · ‎03-17-2005

No can do. The PIX is a stateful inspection "packet" filtering appliance. Packets of course occur at Layer 3, therefore the PIX relies on Layer 3 functionality to communicate. Also it is important to remember that the Internet itself is a Layer3 based technology, and although there are Telco provided services such as ATM or Frame Relay technology that haul mid-transit traffic at Layer 2, and some service provider offerings such as LANE which bring Layer 2 across the long haul to the doorstep, none of these work with the PIX or in your situation.

Your clients connections will be from private networks, most on a 192.168.x.x network. This is the defualt for most SOHO routers and such, so chances are if you went with a 10.x.x.x network you would be ok.

Chris Weber CCDP

layer9 · ‎03-17-2005

Also it is important to determine hor your clients are connecting to you. I assume they are using a satellite connection and then out to the Internet over a DS3 or something? I am not sure where the PIX fits into this. You have Layer 2 connections and Layer 3 connections going on with your satellite equipment I assume? I just don't see where the PIX is involved with the point to point satellite.

More information on your current network topology would be helpfull.

Chris Weber CCDP