Connecting PIX 515E third interface to a different-subnet switch

arvindsa
Level 1

Hi,

Let me explain my network:

I have an HA pair of Cisco PIX 515E with a public outside interface and a private inside interface. I'm using one interface for stateful failover.

My local LAN is in the 10.10.8 range.

Now I have to connect one more LAN (from a different department), 172.15.

My question is: can I connect the PIX's free interface to some other Cisco 2950 switch that is not connected to my production switch?

[1] How do I access the 172 LAN via the PIX's free interface?

[2] How should the routing be done on the PIX?

[3] Do I need to allow the 172 traffic to my production 10.10.8 LAN?

I'm doing all of the above because I would like to avoid a PIX-to-router tunnel, as the second LAN (which has its own public router) is next to my rack.

Sorry for the bad English...

regards

Arvind

4 Replies

mehrdad
Level 3

Hi,

Suppose that your new zone's name is inside2 and it has a lower security level than inside (for example security90). Please see the following:

First of all, you should disable NAT between these two zones, i.e. "inside" and "inside2":

static (inside,inside2) 10.10.8.x 10.10.8.x netmask 255.255.255.0

This prevents translation between inside and inside2:

it creates a translation from 10.10.8.x to 10.10.8.x.

Then you should permit access from inside2 to inside, because inside2 has lower security than inside:

access-list acl2 permit ip 172.15.x.x 255.255.0.0 10.10.8.0 255.255.255.0

access-group acl2 in interface inside2

As you know, you should assign one of the new LAN's IP addresses to the PIX's new zone (inside2), as below:

ip address inside2 172.15.x.x 255.255.0.0

You don't need to define any route, because both LANs are connected to the PIX and the PIX has connected routes.

I hope it was useful.

Regards,

Mehrdad

Do I need to give the "nat (inside2) 0 172.168" command..?

or static (inside,inside2) 10.10.8.x 10.10.8.x netmask 255.255.255.0

No, you don't need to.

Also be aware that you can disable NAT on the PIX with nat 0, so in your situation:

nat (inside) 0 10.10.8.0 255.255.255.0

If I give nat 0 to 10.10.8.0 then all my production servers will lose their public IPs.

I think I need to assign an ACL on that interface and then do the nat 0 on that ACL.
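A consolidated configuration for the approach discussed in this thread, written as an added example rather than taken from any poster. It assumes PIX 6.3 syntax, that the third interface is ethernet2, and the interface name, security level, ACL names and the .1 address are all assumptions; it scopes the NAT exemption with "nat 0 access-list" so the production servers keep their public translations.

```cisco
! Added example, not from any poster in this thread. PIX 6.3 syntax;
! the interface, security level, ACL names and the .1 address are assumed.

! Third physical interface becomes zone "inside2" at a lower security
! level than inside (security100), as the reply suggests.
nameif ethernet2 inside2 security90
ip address inside2 172.15.0.1 255.255.0.0

! NAT exemption scoped to the 10.10.8.0/24 <-> 172.15.0.0/16 pair only.
! Unlike a blanket "nat (inside) 0 10.10.8.0 255.255.255.0", this leaves
! the existing public translations of the inside servers untouched, which
! is the concern raised in the last reply. "nat 0 access-list" exempts
! matching traffic in both directions, so hosts on inside2 can reach the
! inside servers once the inside2 ACL permits it.
access-list nonat permit ip 10.10.8.0 255.255.255.0 172.15.0.0 255.255.0.0
nat (inside) 0 access-list nonat

! Inbound policy on the lower-security interface. Traffic from inside2
! towards inside is denied until permitted here; narrow the blanket
! "permit ip" to the specific hosts and ports the department needs.
access-list acl2 permit ip 172.15.0.0 255.255.0.0 10.10.8.0 255.255.255.0
access-list acl2 deny ip any any
access-group acl2 in interface inside2

! No nat/global pair is defined for inside2 -> outside, so the 172.15 LAN
! cannot use the PIX to reach the Internet; it keeps its own public router,
! as the question states. No static routes are needed either: both LANs
! are directly connected. Verify with:
!   show nat
!   show access-list acl2
!   show route
```

After applying it, a test connection from a 172.15 host to a 10.10.8 server should show a single untranslated entry in "show xlate", while the servers' existing outside translations remain listed.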