PIX 501 and VLANs.

Unanswered Question
May 22nd, 2008

Hi all,

I need help. We have one PIX 501 which

connects our internal network to Internet.

But we need to create two VLANs.

And PIX 501 doesnt do this.

Any suggestions?

BR

jl

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

The PIX 501 does not support VLAN's, if you have to have 2 VLANS's, you could use a router. If you have a router in the network or lying about doing nothing, you can configure the router to be the routing device between the VLAN's. You could also use any kind of switch that supports layer 3 routing?

Do you have a router or switch available?

johnleeee Sun, 05/25/2008 - 00:03

Hi Andrew,

thanks a lot for advice. I was thinking about

buying new L3 switch but maybe better solution will be to buy new PIX 506E.

What do you think about this solution?

Answer to your question:

Now we have not router or L3 switch.

BR

jl

John,

You can purchase a 506 - that will give you the vlan funtionality, and you could buy a L3 switch which will also give you vlan capabilities.

However if you want to keep the costs down - you could just buy a router, which will give you all the inter-vlan routing capability you need....as long as you have a switch that supports 802.1q vlan trunking?

If not - you would be better off with a L3 switch!

HTH.

JORGE RODRIGUEZ Sun, 05/25/2008 - 13:19

Agree with Steven, most if not all of our recommendations to clients is to use the newer asa firewall products in a migration path, beside, not will the asa5505 provide you with up to 20 virtual interfaces with Sec plus license, but other numerous features pix code 6.3(5) does not come close to providing.

Ultimatelly the pix 506 cannot go beyond code 6.3(5) and probably give you up to 2 vlans maximun, and from clients experience out there they end up in a dead lock when needing new features, you want to have a product in your network whether is small that would be able to move forward with 7.x/8.x codes.

If the above is not of a concern at all, then what Andrew sugested would work.

Rgds

-Jorge

Actions

This Discussion