04-16-2007 01:35 AM - edited 03-03-2019 04:33 PM
Dears Netpro!
I want to simulate a site-to-site VPN between 2 PIX 515s. How can I connect these 2 PIXes? Is it via crossover cable or what? Medan has provided me the config in a previous post.
regards
ALI
04-16-2007 02:03 AM
Hi Ali
It depends on the config medan sent. The best thing to do is to use a router between the 2 pix firewalls. You can either connect the pix firewalls directly into the router interfaces using crossover cables or you can use a switch and use straight thru cables for the pix firewalls and the router.
You can use a crossover directly between the 2 pix firewalls but you may need to modify medan's config.
Could you post config ??
Jon
04-16-2007 02:12 AM
Hi Jon!
As you mention, I need moreover 1 router and 1 switch to simulate the network? Could you please draw this network for me?
10xs
04-16-2007 02:24 AM
Hi Ali
Hope this comes out okay - if not i'll do visio.
------------ Local Lan 1
     |
     |
     | inside interface
  ------
 | pix1 |
  ------
     | outside interface
     |
     | e0
  ------
 |router|
  ------
     | e1
     |
     | outside interface
  ------
 | pix2 |
  ------
     | inside interface
     |
     |
----------- Local Lan 2
You can use one switch to create all this.
You need 4 vlans on the switch. They will be used as follows
1) Vlan for local lan 1 + inside interface of pix1.
2) Vlan for pix1 outside interface and router e0 interface.
3) Vlan for router e1 interface and pix2 outside interface.
4) vlan for pix2 inside interface and local lan 2.
Alternatively you can just use crossover cables everywhere and not bother with a switch.
HTH
Jon
04-16-2007 02:39 AM
Dear Jon!
appreciate ur great reply to my all posts
10xs a lot
ALI
04-16-2007 02:44 AM
HI JON!
If I use a switch instead of a router, please list a simple config for this:
1)Vlan for local lan 1 + inside interface of pix1
2)
If it is on the router, please also list a simple config.
10xs for ur help
04-16-2007 02:46 AM
Hi Jon!
if u have config like this scenario or similar plz provide it to me
10xs
04-16-2007 03:01 AM
Hi Ali
Could you let me know which bits of kit you want to use and whether you are going to connect the pix devices directly together or whether you want a router in between.
Also do you want to use a switch or not.
Which configs do you need ?
Jon
04-16-2007 03:06 AM
Hi Jon!
i will use switch 3550.
10xs for ur reply
ALI
04-16-2007 04:36 AM
Hi Jon!
I am still waiting for your config for the scenario.
10xs
04-16-2007 04:58 AM
Hi Ali
Sorry, i just wasn't sure what config you needed.
You have 2 pix firewalls and a 3550 switch.
On the switch
3550(config)# vlan 10
3550(config-vlan)# name local_lan1
3550(config)# vlan 11
3550(config-vlan)# name pix1_outside
3550(config)# vlan 12
3550(config-vlan)# name local_lan2
3550(config)# int range fa0/1 - 2
3550(config-if-range)# switchport
3550(config-if-range)# switchport access vlan 10
3550(config-if-range)# spanning-tree portfast
3550(config)# int range fa0/3 - 4
3550(config-if-range)# switchport
3550(config-if-range)# switchport access vlan 11
3550(config-if-range)# spanning-tree portfast
3550(config)# int range fa0/5 - 6
3550(config-if-range)# switchport
3550(config-if-range)# switchport access vlan 12
3550(config-if-range)# spanning-tree portfast
Connect pix1 inside interface into vlan 10. The other port in vlan 10 is used for a pc.
Connect pix1 outside interface into vlan 11.
Connect pix2 outside interface into vlan 11
Connect pix2 inside interface into vlan 12. The other port in vlan 12 can be used for a pc.
With this setup the outside interface of pix1 and the outside interface of pix2 need to be in
the same IP subnet.
So example addressing
PC1 (192.168.1.2/24) -> PIX1(inside) 192.168.1.1/24 -> PIX1(outside) 192.168.5.1/30 ->
PIX2(outside) 192.168.5.2/30 -> PIX2(inside) 192.168.10.1/24 -> PC2 (192.168.10.2/24)
You will probably need to modify Medan's config.
If you want to put a router in between the pix firewalls then let me know.
HTH
Jon
04-17-2007 09:38 AM
Hello Jon
What about the router between these 2 PIXes? What would be the config?
10xs
04-18-2007 12:00 AM
Hi Ali
You could use crossovers between the pix firewalls and the router but assuming you use a switch for all the connectivity
3550(config)# vlan 10
3550(config-vlan)# name local_lan1
3550(config)# vlan 11
3550(config-vlan)# name pix1_to_router
3550(config)# vlan 14
3550(config-vlan)# name router_to_pix2
3550(config)# vlan 15
3550(config-vlan)# name local_lan2
3550(config)# int range fa0/1 - 2
3550(config-if-range)# switchport
3550(config-if-range)# switchport access vlan 10
3550(config-if-range)# spanning-tree portfast
3550(config)# int range fa0/3 - 4
3550(config-if-range)# switchport
3550(config-if-range)# switchport access vlan 11
3550(config-if-range)# spanning-tree portfast
3550(config)# int range fa0/5 - 6
3550(config-if-range)# switchport
3550(config-if-range)# switchport access vlan 14
3550(config-if-range)# spanning-tree portfast
3550(config)# int range fa0/7 - 8
3550(config-if-range)# switchport
3550(config-if-range)# switchport access vlan 15
3550(config-if-range)# spanning-tree portfast
router(config)#int fa0/0
router(config-if)# ip address 10.5.1.1 255.255.255.252
router(config-if)# no shut
router(config)#int fa0/1
router(config-if)# ip address 10.6.1.1 255.255.255.252
router(config-if)# no shut
Connect pix1 inside interface into vlan 10. The other port in vlan 10 is used for a pc.
Connect pix1 outside interface into vlan 11.
Connect fa0/0 interface on router into vlan 11.
Connect fa0/1 interface on router into vlan 14
Connect pix2 outside interface into vlan 14
Connect pix2 inside interface into vlan 15. The other port in vlan 15 can be used for a pc.
Example addressing
PC1 (192.168.1.2/24) -> PIX1(inside) 192.168.1.1/24 -> PIX1(outside) 10.5.1.2/30 ->
router (fa0/0) 10.5.1.1/30 -> router (fa0/1) 10.6.1.1 -> PIX2(outside) 10.6.1.2 ->
PIX2(inside) 192.168.10.1/24 -> PC2 (192.168.10.2/24)
HTH
Jon
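Added example (not part of the thread and not Jon's config): a Python check of the two example addressing plans above, confirming that every VLAN's ports share one subnet and showing whether the two outside interfaces are on-link or must route through the router. The dictionary layout, the function names and the /30 on the 10.6.1.x link are assumptions made for this sketch.

```python
import ipaddress

# Constructed from the thread's example addressing (VLAN -> attached ports).
# The /30 on the 10.6.1.x link is assumed from the router's 255.255.255.252.
ROUTED = {
    10: {"PC1": "192.168.1.2/24", "PIX1 inside": "192.168.1.1/24"},
    11: {"PIX1 outside": "10.5.1.2/30", "router fa0/0": "10.5.1.1/30"},
    14: {"router fa0/1": "10.6.1.1/30", "PIX2 outside": "10.6.1.2/30"},
    15: {"PIX2 inside": "192.168.10.1/24", "PC2": "192.168.10.2/24"},
}
DIRECT = {  # switch-only layout: both outside interfaces share VLAN 11
    10: {"PC1": "192.168.1.2/24", "PIX1 inside": "192.168.1.1/24"},
    11: {"PIX1 outside": "192.168.5.1/30", "PIX2 outside": "192.168.5.2/30"},
    12: {"PIX2 inside": "192.168.10.1/24", "PC2": "192.168.10.2/24"},
}

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen_nets, seen_ips = [], [], set()
    for vlan, ports in plan.items():
        ifaces = {n: ipaddress.ip_interface(a) for n, a in ports.items()}
        nets = {i.network for i in ifaces.values()}
        if len(nets) > 1:
            problems.append(f"vlan {vlan}: endpoints are not in one subnet")
        for name, i in ifaces.items():
            if i.ip in (i.network.network_address, i.network.broadcast_address):
                problems.append(f"{name}: {i.ip} is not a usable host address")
            if i.ip in seen_ips:
                problems.append(f"{name}: {i.ip} is assigned twice")
            seen_ips.add(i.ip)
        for net in nets:
            if any(net.overlaps(other) for other in seen_nets):
                problems.append(f"vlan {vlan}: {net} overlaps another vlan")
        seen_nets.extend(nets)
    return problems

def peer_next_hops(plan, a="PIX1 outside", b="PIX2 outside"):
    """'on-link' if the two outside interfaces share a subnet, otherwise the
    neighbour address on each PIX's outside VLAN that it must route through."""
    where = {n: (ipaddress.ip_interface(x), ports)
             for ports in plan.values() for n, x in ports.items()}
    if where[b][0].ip in where[a][0].network:
        return "on-link"
    def neighbour(name):
        others = [x for n, x in where[name][1].items() if n != name]
        return str(ipaddress.ip_interface(others[0]).ip)
    return {a: neighbour(a), b: neighbour(b)}
```

In the routed layout the result gives the address each PIX would use as its outside gateway toward the VPN peer; in the switch-only layout no gateway is needed because the peers are on the same /30.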