inter vlan routing with pix 506e

johnwest43 Member Posts: 294
Quick question
I have a pix 506e connected to a 2912xl switch. I have 2 vlans set up.
inside physical vlan 100
guest logical vlan 90

Everything is working except inter-VLAN routing. I want to be able to "talk" to vlan 90 from vlan 100. VLAN 100 security is 100 and vlan 90 security is 90.

What do I need for an access list and access group to be able to do this?

thanks
CCNP: ROUTE [x], SWITCH [x], TSHOOT [X] Completed on 2/18/2014

Comments

  • chmorin Member Posts: 1,446
    What are you using to allow inter-vlan routing?
    Currently Pursuing
    WGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)
    mikej412 wrote:
    Cisco Networking isn't just a job, it's a Lifestyle.
  • johnwest43 Member Posts: 294
    The pix itself. The Cisco site says it can be done but you have to set up an access list.
  • chmorin Member Posts: 1,446
    Is this what you have?

    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/product_data_sheet09186a0080091b13.pdf

    Can you show me where you are getting your information from?

    The most popular way to enable inter-vlan routing is using a router, with a method called router-on-a-stick.

    From the overview of this manual, though the pix supports VLANs, it does not perform layer 3 routing.

    You will need an actual router to enable inter-VLAN routing.
  • johnwest43 Member Posts: 294
    Here is one link that talks about it in a slightly different application, but nonetheless it shows it's possible; the pix is a layer 3 device. pix email server dmz
  • chmorin Member Posts: 1,446
    My point is you need a router to forward packets from one vlan to another. Perhaps I'm not understanding the issue. I'll leave it for someone else to help you, sorry.
  • Forsaken_GA Member Posts: 4,024
    I vaguely recall being able to get this to work a few years ago, and I believe it was on a pix 515. If I remember right, I had to do some voodoo with internal static routes to get it playing nice.

    Apologies I can't be more help, I moved away from hardware appliance firewalls years ago.
  • johnwest43 Member Posts: 294
    I know there is a way to do it, it's just gonna take some trial and error. Hopefully I can figure it out by the end of the week.
  • chmorin Member Posts: 1,446
    johnwest43 wrote: »
    I know there is a way to do it, it's just gonna take some trial and error. Hopefully I can figure it out by the end of the week.

    Let us know!
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    johnwest43 wrote: »
    I know there is a way to do it, it's just gonna take some trial and error. Hopefully I can figure it out by the end of the week.

    To me it seems like all you would need to do is to make 2 static routes and it should work, but I want to see what you come up with to make it work.
  • johnwest43 Member Posts: 294
    Got it!!

    global (outside) 1 interface
    global (dmz) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0

    Pretty simple!
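The three lines in the last post work because PIX 6.x requires an address translation before traffic can pass from a higher-security interface to a lower one. The sketch below is an added example, not the poster's configuration, showing those lines in context plus the static, access-list and access-group that the opposite direction would need. The trunk port ethernet1, both subnets, host 192.168.100.10 and the ACL name guest_in are assumptions.

```cisco
: Added example for PIX OS 6.3. Not the poster's actual configuration.
: Assumed: ethernet1 is the trunk port, 192.168.100.0/24 and
: 192.168.90.0/24 are the subnets, 192.168.100.10 is an inside host,
: and guest_in is a made-up ACL name.

: VLAN 100 rides the physical interface, VLAN 90 is a logical interface.
interface ethernet1 auto
interface ethernet1 vlan100 physical
interface ethernet1 vlan90 logical
nameif ethernet1 inside security100
nameif vlan90 dmz security90
ip address inside 192.168.100.1 255.255.255.0
ip address dmz 192.168.90.1 255.255.255.0

: Higher -> lower security (inside -> dmz, inside -> outside) needs a
: translation. These are the three lines from the post: inside hosts are
: PATed to the address of whichever interface they leave through, so
: VLAN 90 hosts see connections sourced from 192.168.90.1.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (dmz) 1 interface

: Lower -> higher (dmz -> inside) stays blocked by default. Opening it
: takes BOTH a static and an ACL bound with access-group. Publish one
: host and one port rather than the whole inside subnet.
static (inside,dmz) 192.168.100.10 192.168.100.10 netmask 255.255.255.255
access-list guest_in permit tcp 192.168.90.0 255.255.255.0 host 192.168.100.10 eq www
access-group guest_in in interface dmz

: Once guest_in is bound, its implicit deny applies to everything
: entering the dmz interface, including guest traffic bound for the
: outside, so any other permitted flows must be listed explicitly.
```

`show xlate` and `show access-list guest_in` show which translation and which ACL entry a test connection actually matched.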