Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
610
Views
0
Helpful
3
Replies

Secondary ip address to PIX interface

bapatsubodh
Level 1
Level 1

‎01-29-2006 04:06 AM - edited ‎02-21-2020 12:40 AM

Hi,

My set up of PIX and ISP router is like this : ISP router is using serial T1 link for internet connectivity for static (live) ip address. This router's eth0 has been connected to PIX outside interface. This interface is configured for one more internet static (live ) ip address. PIX outside interface is also configured for internet static ( live ) IP address. Users from inside use NAT and global command to use internet. so far so good. Now routers T1 link will be divided in two channels one will be used for internet use and another will be used for MPLS VPN with private addressing. Thus traffic leaving routers serial port will be for two different clouds one will be internet and another will be MPLS VPN cloud. Giving twp ip address on router serial and eth ports is done. But how can I configure PIX outside interface with 2 ip address one for NAT for internet and one for NAT or No-Nat (0) for traffiic heading for MPLS VPN cloud. This will logically connect 2 interfaces of PIX outside to 2 logical interfaces for routers eth0.

Thanx.

0 Helpful
3 Replies 3

varakantam
Level 1
Level 1

‎01-29-2006 07:38 AM

You need to use VALN's between the pix and upstream router.VLAN support for pix was introduced in 6.3 and supported in 7.0 as well, provided your upstream router supports VLAN's.

PIX ------DATAVLAN-----ROUTER

------VPNVLAN------

The following example configures parameters for a subinterface in single mode using VLAN101:

hostname(config)# interface gigabitethernet0/1.1

hostname(config-subif)# vlan 101

hostname(config-subif)# nameif dmz1

hostname(config-subif)# security-level 50

hostname(config-subif)# ip address 10.1.2.1 255.255.255.0

hostname(config-subif)# no shutdown

0 Helpful

bapatsubodh
Level 1
Level 1
In response to varakantam

‎01-29-2006 10:07 AM

Thanx. Mr. varakantam.

Similar to vlan 101 as given in ur reply. It will be possible to configure vlan 102 for some totally different network id. Then eth0 ( outside ) this will be connected to ethernet port of router. In this case I need to configure 2 corresponding sub interfaces on router and enable routing in between them. Do i need to to any separate encapsulation like ISL or 802.1q just like we do in switch trunk configuration.

I would appreciate if you can please let me know any link on cisco website for similar configuration ?

Thanx.

0 Helpful

varakantam
Level 1
Level 1
In response to bapatsubodh

‎01-29-2006 10:35 AM

Yes absolutely you may configure a second VLAN. Refer to the following guide for documentaton and implementaton.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113411

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card