09-19-2005 01:39 AM - edited 03-03-2019 12:05 AM
Hi all,
Current Scenario
Internet->2600 Router->Cisco 501 Firewall->7 2950 switches based LAN on 192.168.165.0 with 150 users.
Asked to create and configure 6 VLANs behind the firewall.
Questions.
How will I make the firewall see all VLANs with different subnets as one range, 192.168.165.0?
Do I need to configure the firewall for VLANs? If yes, then please advise how to do that.
All PCs and servers are on the same subnet. How will I make them access the internet through the firewall after putting them into separate VLANs and subnets?
We have 3 VPN connections. Do I need to change anything regarding them too?
Please give suggestions.
Thanks in advance.
09-19-2005 03:07 AM
Hi,
You can add a route in the PIX which points towards your core switch, like below.
route inside 192.168.165.0 255.255.255.0 "core switch ip"
Then give a default route back to the firewall inside interface on the core switch.
I assume that you already have a default route on the PIX towards your 2600 router.
I hope this will work for you..
Jaison
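Added example, not part of the original thread: a Python check of whether a VLAN addressing plan stays inside the single `route inside 192.168.165.0 255.255.255.0` entry suggested above, so that rules written for that range still match. The two plans (six /27 subnets, and a variant using 192.168.166.0/27) and the function names are constructed assumptions.

```python
import ipaddress

# Route the firewall holds toward the core switch (from the reply above).
FIREWALL_ROUTE = "192.168.165.0/24"

def check_vlan_plan(route, vlan_subnets):
    """Classify VLAN subnets against the firewall's single inside route.

    Returns (covered, outside, overlaps):
      covered  - subnets the existing route (and rules written for it) match
      outside  - subnets needing their own route, NAT and VPN ACL entries
      overlaps - pairs of VLAN subnets that collide with each other
    """
    route_net = ipaddress.ip_network(route)
    nets = [ipaddress.ip_network(s) for s in vlan_subnets]
    covered = [n for n in nets if n.subnet_of(route_net)]
    outside = [n for n in nets if not n.subnet_of(route_net)]
    overlaps = [(a, b) for i, a in enumerate(nets)
                for b in nets[i + 1:] if a.overlaps(b)]
    return covered, outside, overlaps

def usable_hosts(nets):
    """Host addresses available, excluding network/broadcast per subnet."""
    return sum(n.num_addresses - 2 for n in nets)

# Constructed plan A: first six /27 blocks of the existing /24.
PLAN_A = [str(n) for n in
          list(ipaddress.ip_network(FIREWALL_ROUTE).subnets(new_prefix=27))[:6]]
# Constructed plan B: same, but the sixth VLAN is numbered from a new range.
PLAN_B = PLAN_A[:5] + ["192.168.166.0/27"]

if __name__ == "__main__":
    for name, plan in (("A", PLAN_A), ("B", PLAN_B)):
        covered, outside, overlaps = check_vlan_plan(FIREWALL_ROUTE, plan)
        print(f"plan {name}: {len(covered)} covered, "
              f"{usable_hosts(covered)} usable hosts behind the route")
        for n in outside:
            print(f"  {n} is outside {FIREWALL_ROUTE}: add route/NAT/VPN entries")
        for a, b in overlaps:
            print(f"  overlap: {a} and {b}")
```

Each VLAN also spends one of its usable addresses on the gateway interface, so the host count is an upper bound.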
09-19-2005 03:12 AM
Hi Sid,
Your 501 PIX supports VLANs with code 6.3.4 or above. The problem is that it supports only 3 VLANs, so you cannot configure your 501 for 6 VLANs. If you put your 501 in one VLAN and make other VLANs, the other VLANs will still not be able to access it, as the 2950 does not support inter-VLAN routing. So to accomplish this, what you need is a layer 3 switch on which you can set multiple VLANs and have routing enabled between the different VLANs.
You can go for a 3550, 3560, 3750 or higher. You need to pass your interesting traffic from the different VLANs over the VPN tunnels. So just make sure that your traffic is flowing to the different locations from your VLANs.
HTH,
-amit singh
09-19-2005 09:15 AM
Hi Amit
Thanks for the quick response! Can you please provide me detailed commands to configure VLANs on PIX 506e? Can I use a 1700 router for inter-VLAN routing? Please give the commands to set up on the router. Can I have your email address?
Thanks in Advance
Sid
10-26-2005 05:49 AM
Check the IOS version on the 2950, you may need to upgrade it to an EMI version or one that supports VLAN routing. Then choose one of these switches and configure it to support VLAN routing. Make sure you have the routes correctly on both 2950 and Pix.
Carlos Roque
10-26-2005 06:44 AM
Sid,
Here is a link to configuring VLANs on the 506. With a UR license you can have up to 2 logical VLAN interfaces configured.
Also, here is a link to inter-VLAN routing on an external router.
http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09186a00800949fd.shtml
If it's a 1720 you cannot use it for inter-VLAN routing. A 1721 can.