I'm trying to keep everything the same as it is. Do I have to do anything special on the PIX to pass data to and from the router. My inside networks are vlan1 and vlan2 at the switch level and my router is on 1,2 and vlan3which is for outbound traffic. It's a router on a stick configuration.

You will have to configure an 802.1q trunk link on the switch port that connects to your PIX. (interface fa0/1, switchport trunk encap dot1q, swi mode trunk). Than do something like the below on your PIX (changing the VLAN numbers to correspond to your VLAN's that you created on your switch). The PIX will route between VLAN's so you will probably be changing your routers config around as well. Be sure your PIX is running a minimum of PIX code 6.3 to do VLAN's. If your running 7.0, let me know, the config has changed quite a bit. The below config will only create the VLAN interface and the PIX will treat it as a completely seperate physical interface so you will need to create your routes, NAT, statics, and rules to allow traffic to pass.

interface ethernet0 auto shutdown

interface ethernet1 auto shutdown

interface ethernet1 vlan2 physical

interface ethernet1 vlan3 logical

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif vlan3 SomeName security50

nat (inside) 0 0.0.0.0 0.0.0.0 0 0 <--- or whatever

nat (SomeName) 0 0.0.0.0 0.0.0.0 0 0 <--- or whatever

ip address outside X.X.X.X 255.255.255.0

ip address inside X.X.X.X 255.255.255.0

ip address SomeName X.X.X.X 255.255.255.0

(etc....)

Hi baileja ,

How can a failover pix be included in this senario? single L2 switch provide 2 trunks to two PIX?

how to do that, pls advise.