Re: interconnect vlan with pix

zekenshin · ‎06-02-2003

Hi all

I have this configuration :

switch catalyst 2950 (SI) with vlan 2 and vlan 3 and one port on native vlan (vlan 1) which is the trunk port. Trunk port is connected to the inside interface of my pix 515.

On pix i create vlan2 on physical interface and vlan3 on logical interface.

The computers which are on vlan2 and vlan3 can ping the net but they can't ping pc which are on another vlan. I will that vlan can communicate between them.

I would know if it's infrastructure is possible and if yes how i can apply this to my network (with no router).

Thank you in advance

Kenshin

konigl · ‎06-03-2003

I think you need multiple physical interfaces on the PIX, one per VLAN, if you want to use it like a router to allow communications between VLANs. And I think that after two (or is it three?) physical interfaces you need to have the unrestricted license software, which costs more. At least, that's how it used to be.

The PIX can't do "hairpin turns", that is, send traffic back out the same interface it came in on. Unless something has changed recently. Routers and multilayer switches can do this, however.

Was not aware you could do physical and logical interfaces, either, and multiple VLANs, on a PIX. If this is a new capability, then maybe what you're running into is a permissions problem in the access-lists. Are ICMP echos permitted to go from one VLAN to the other, and are the ICMP echo-replys permitted to come back?

I guess I better read the latest manuals and see what I'm missing...

zekenshin · ‎06-03-2003

Thank you for your answer , it's really appreciate

Kenshin