Solved: Re: PIX vlan routing

kirkster · ‎09-28-2006

Hi,

Two vlans on the PIX 506 interface at 6.3 code. Is it possible to use these logical interfaces in exactly the same way as physical ones? i.e. Can access lists be applied and packets enter the firewall on vlan x and be permitted/denied to vlan y, where x and y are vlans on the same physical interface? In other words, as long as they are permitted to do so by policy, packets can route in and out the same physical interface on different vlans? ASA definitley supports this since I have done this numeorus times. However, I recall someone saying you can't do on a stick rouitng with the PIX. Surely you can?? I emphasise it's 6.3 I am using.

Sorry for this very basic question; cco doesn't make this clear. I have no access to our lab until Monday to work it out either!

Cheers, Steve

andrew.burns · ‎09-29-2006

Hi,

Quick answer is yes, you can, as long as it's between two interfaces (which can be either phyical or logical). PIX 6.3 doesn't support "on a stick" routing either on phyical or logical interfaces (7.0 does though), but between two interfaces is perfectly feasible.

HTH

Andrew.

View solution in original post

andrew.burns · ‎09-29-2006

Hi,

Quick answer is yes, you can, as long as it's between two interfaces (which can be either phyical or logical). PIX 6.3 doesn't support "on a stick" routing either on phyical or logical interfaces (7.0 does though), but between two interfaces is perfectly feasible.

HTH

Andrew.

kirkster · ‎09-29-2006

Thanks Andrew. I thought as much but can't test it until Monday.

Nice weekend.

Steve