Options
inter vlan routing with pix 506e
johnwest43
Member Posts: 294
in CCNA & CCENT
Quick question
I have a pix 506e connected to a 2912xl switch. I have 2 vlans set up.
inside physical vlan 100
guest logical vlan 90
everything is working except intervlan routing. I want to be able to "talk" to vlan 90 from vlan 100. Valn 100 security is 100 and vlan 90 secuirty is 90.
What do I need for an access list and access group to be able to do this?
thanks
I have a pix 506e connected to a 2912xl switch. I have 2 vlans set up.
inside physical vlan 100
guest logical vlan 90
everything is working except intervlan routing. I want to be able to "talk" to vlan 90 from vlan 100. Valn 100 security is 100 and vlan 90 secuirty is 90.
What do I need for an access list and access group to be able to do this?
thanks
CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014
Comments
-
Optionsjohnwest43 Member Posts: 294The pix itself. the cisco site says it can be done but you have to setup an access list.CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014
-
Optionschmorin Member Posts: 1,446 ■■■■■□□□□□Is this what you have?
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/product_data_sheet09186a0080091b13.pdf
Can you show me where you are getting your information from?
The most popular way to enable inter-vlan routing is using a router, with a method called router-on-a-stick.
From the overview of this manual, though the pix supports VLANs, it does not perform layer 3 routing.
You will need an actual router to enable inter-VLAN routing.Currently PursuingWGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)mikej412 wrote:Cisco Networking isn't just a job, it's a Lifestyle. -
Optionsjohnwest43 Member Posts: 294Here is one link that talks about it in a slighly differnet application but none the less it shows its possible the pix is a layer 3 device. pix email server dmzCCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014
-
Optionschmorin Member Posts: 1,446 ■■■■■□□□□□My point is you need a router to forward packets from one vlan to another. Perhaps I'm not understanding the issue. I'll eave it for someone else to help you, sorry.Currently PursuingWGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)mikej412 wrote:Cisco Networking isn't just a job, it's a Lifestyle.
-
OptionsForsaken_GA Member Posts: 4,024I vaguely recall being able to get this to work a few years ago, and I believe it was on a pix 515. If I remember right, I had to do some voodoo with internal static routes to get it playing nice.
Apologies I can't be more help, I moved away from hardware appliance firewalls years ago -
Optionsjohnwest43 Member Posts: 294I konw there is a way to do it, its just gonna take some trial and error. Hopefullly i can figure it out by the end of the week.CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014
-
Optionschmorin Member Posts: 1,446 ■■■■■□□□□□johnwest43 wrote: »I konw there is a way to do it, its just gonna take some trial and error. Hopefullly i can figure it out by the end of the week.
Let us know!Currently PursuingWGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)mikej412 wrote:Cisco Networking isn't just a job, it's a Lifestyle. -
OptionsBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□johnwest43 wrote: »I konw there is a way to do it, its just gonna take some trial and error. Hopefullly i can figure it out by the end of the week.
TO me it seems like all you would need to do is to make 2 static routes and it should work but I want to see what you come up with to make it work. -
Optionsjohnwest43 Member Posts: 294
got it!!
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
pretty simple!CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014