VLAN's sharing common services via FW

rboldy123 · ‎08-21-2007

Hi,

I need to allow multiple vlans access to shared subnets whist maintaining vlan and IP security via a FW. What's be best way of doing this ?

royalblues · ‎08-21-2007

Which FW do you have?

if you have an ASA firewall you can create security contexts and map these to each vlan you create on the switches

HTH

Narayan

rboldy123 · ‎08-21-2007

Thanks,

That's basically what I'm looking to do. I have Checkpoint FW, is it possible to map vlans to subnet's/ports using Checkpoint ?

Jon Marshall · ‎08-21-2007

Hi

Not entirely sure i fully understand your requirements.

If you want to map checkpoint interfaces to vlans then just ensure the relevant port that the checkkpoint interface connects into is in the right vlan.

Checkpoints can also do 802.1q trunking.

Jon

royalblues · ‎08-22-2007

Jon,

I think the user wants to have virtual instances & each instance to be mapped to one vlan.

If we map the physical interfaces, thne he may require a lot of them depending on the vlans

Narayan

rboldy123 · ‎08-22-2007

yes I have an 802.1q truck carrying multiple vlans to the FW and the same on the other side...

for example I want to allow vlan 10,20 & 30 to access vlan 100 on the inside but don't want 10,20 & 30 to be able to talk to each other via vlan 100 !