Inside hosts connected to a L2 2950. Pix506e inside interface also connected to this switch and outside interface of the 506e is connected to a 2600 which is our T1 router.
All works smooth.
I just need to create VLANs on this PIX so I can put my mail server in one and all my hosts on the other.
What are the commands or links so I can do this?
You're going to have problems with this. You won't be able to route between the VLANs on the 506e. I'm not even sure the 506 supports VLANs; I thought it was only on the 515s.
The 506e does support VLANs. It supports up to 2, for a total of 4 interfaces.
In fact, I had this setup done before, but we had to swap the firewall because the old one got fried.
Now, you mentioned routing, but like I said, when I had this going before, my INSIDE_VLAN and my DMZ_VLAN used to see each other. But perhaps I had them wide open, but I don't know. I had this setup done with the help of a Cisco CCNA tech.
Can you explain a bit more what you mean by not being able to route between the VLANs? Excuse the basics, but I am just starting :)
Check this link for details on the configuration:
Configuring PIX Firewall with VLANs
Keep in mind that the 506E only supports two VLANs (but from your post it sounds like that is all you need).
I think this example is what you are looking for. Remember the switch port must be configured in VLAN trunk mode and belong to both VLAN IDs.
description connected internet
ip address 18.104.22.168 255.255.255.248
description physical interface to switch
no ip address
description VLAN 1, default LAN for all computers
ip address 192.168.1.1 255.255.255.0
description VLAN 4 used for the mail server
ip address 10.10.10.1 255.255.255.0
I am following your steps, but I would like to know why there is no security level on interface ethernet1.
Would it matter? Or do I have to put the command "no nameif ethernet1 inside security100"?
interface ethernet0 100full
interface ethernet1 100full
interface ethernet1 vlan10 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan10 DMZ security25
Here's an example that might work for you.
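Added example, not written by any poster in this thread: a small Python check that reads PIX 6.3-style `interface ... vlanN logical` and `nameif` lines, as used in the configuration posted above, and reports logical VLANs left without a name and security level, `nameif` lines with no matching logical interface, more logical VLANs than the two the thread says the 506E supports, and interfaces sharing a security level. The function name `audit_pix_vlans` and the limit constant are assumptions made for this example.

```python
import re

# Limit for the PIX 506E as stated by posters in this thread (assumption).
MAX_LOGICAL_VLANS = 2

IFACE_RE = re.compile(r"^interface\s+(\S+)\s+vlan(\d+)\s+(logical|physical)\s*$", re.I)
NAMEIF_RE = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)\s*$", re.I)

def audit_pix_vlans(config_text):
    """Return a list of findings for PIX 6.3-style interface/nameif lines."""
    logical = {}  # "vlan10" -> parent hardware interface
    named = {}    # hardware id or vlan id -> (name, security level)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m and m.group(3).lower() == "logical":
            logical["vlan" + m.group(2)] = m.group(1).lower()
            continue
        m = NAMEIF_RE.match(line)
        if m:
            named[m.group(1).lower()] = (m.group(2), int(m.group(3)))

    findings = []
    if len(logical) > MAX_LOGICAL_VLANS:
        findings.append(f"{len(logical)} logical VLANs defined; limit is {MAX_LOGICAL_VLANS}")
    for vlan in sorted(logical):
        if vlan not in named:
            findings.append(f"{vlan}: logical interface has no nameif/security level")
    for ifc in sorted(named):
        if ifc.startswith("vlan") and ifc not in logical:
            findings.append(f"{ifc}: nameif without a matching logical interface line")
    # Interfaces sharing a security level are flagged for review.
    by_level = {}
    for name, level in named.values():
        by_level.setdefault(level, []).append(name)
    for level, names in sorted(by_level.items()):
        if len(names) > 1:
            findings.append(f"security{level} shared by {', '.join(sorted(names))}")
    return findings

# The six configuration lines posted in the thread, copied as-is.
THREAD_CONFIG = """\
interface ethernet0 100full
interface ethernet1 100full
interface ethernet1 vlan10 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan10 DMZ security25
"""

if __name__ == "__main__":
    for finding in audit_pix_vlans(THREAD_CONFIG) or ["no findings"]:
        print(finding)
```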