Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
499
Views
7
Helpful
3
Replies

Trunking on Cisco PIX 525 firewall

fsebera
Level 4
Level 4

‎04-16-2003 12:57 PM - edited ‎03-02-2019 06:43 AM

Currently, we have a Cisco PIX firewall model 525, IOS 6.0(2) Pentum III 600MHz with 128MB Ram with 2GE and 2FE ports. The Cisco PIX firewall device manager is version 1.1(2).

The Cisco PIX firewall gigabit interface 0/1 connects to a Cisco 6500 switch module gigabit 2/1 and assigned VLAN 2. Network and subnet mask statement is 12.45.212.0 255.255.254.0

The Cisco PIX firewall inside gigabit interface currently supports one flat IP network, while the outside gigabit interface connects to a Cisco 6500 switch with MSFC used as the default gateway.

Current Inside gigabit network interface g0/1

--- 12.45.212.0 255.255.254.0

VLAN 2

NEW Suggested Inside gigabit network interface g0/1

--- 12.45.214.0 255.255.254.0

VLAN 3

Outside gigabit network interface g0/2

--- 192.168.1.1 255.255.255.240

VLAN 20

QUESTIONS:

We need connectivity between VLAN 2 and VLAN 3 and the outside world. To enable communication between the two VLANS and to the outside world requires a trunk link between the Cisco PIX firewall gigabit 0/1 interface and the Cisco 6500 port G2/1 – RIGHT?

Does our current PIX firewall software/hardware support trunking in this configuration?

Should we use ISL or 802.1q protocol? Does it matter?

Should we combine VLAN 2 and VLAN 3 into one flat IP VLAN with a subnet mask of /22?

Additional comments?

Labels:
0 Helpful
3 Replies 3

a.manosca
Level 4
Level 4

‎04-16-2003 05:40 PM

The PIX does not understand ISL or 802.1Q encapsulation:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a0080094874.shtml#Q28

Are you using a separate 6500 switch for PIX's outside interface? If I understand it correctly, PIX's INSIDE (gi0/1) is connected to Cat6500 (gi2/1). Then PIX's OUTSIDE is connected to another 6500 with MSFC. If VLANs 2 and 3 are located behind the INSIDE interface of the PIX, I think you should combine them to be able to pass through the PIX since the PIX doesn't support trunking.

g.senatore
Level 1
Level 1
In response to a.manosca

‎04-17-2003 12:53 AM

If you use the new version 6.3.1 the PIX understand the 802.1q encapsulation:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a008015e582.html

Regards,

Gilberto

fsebera
Level 4
Level 4
In response to a.manosca

‎04-17-2003 06:46 AM

Thanks for the assistance!

The Cisco 6500 switch named "Inside-A" does not have an MSFC, the firewall is the default gateway for the current vlan 2 on G0/1 interface. I plan to add another vlan, vlan 3 to the Cisco 6500 switch "Inside-A".

I need the firewall to also be the default gateway for this vlan 3 on the same g0/1 interface as vlan 2.

Yes, the outside switch is a different switch named "Outside-B"

I will look at the upgrade OS for trunk support.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents