InternVLAN rules on PIX506

Answered Question
Jun 6th, 2008
User Badges:

Hi all,


I need to build up a DMZ with a PIX506. My idea is to make a trunk between PIX and switch, assign a VLAN for the DMZ.


Mi question is, can PIX506 handle firewall-rules between the VLAN's (internal <-> dmz)?


Thank's,

Norbert

Correct Answer by Jon Marshall about 8 years 11 months ago

Norbert


Not sure what you are asking here. The 506E supports up to 2 vlans on an interface so you can do what you want. Each vlan interface is treated as a physically separate interface in terms of security levels/access-lists etc.


So if you have an inside and a DMZ on the same interface you can apply separate access-lists to each interface.


Does this answer your question ?


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Fri, 06/06/2008 - 03:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Norbert


Not sure what you are asking here. The 506E supports up to 2 vlans on an interface so you can do what you want. Each vlan interface is treated as a physically separate interface in terms of security levels/access-lists etc.


So if you have an inside and a DMZ on the same interface you can apply separate access-lists to each interface.


Does this answer your question ?


Jon

alig.norbert Fri, 06/06/2008 - 04:58
User Badges:

Jon


Thank's for the answer.


Yes I want to control the traffic between DMZ (VLAN-xx)<-> inside (VLAN-yy) over the PIX.


Greets,

Norbert

Actions

This Discussion