06-15-2008 04:06 PM - edited 03-05-2019 11:38 PM
Hi,
An overview of the basic layout is shown in the attachment. An additional note: the PIX and R7 are connected through a switch, CAT2.
*VLAN 24 is the primary untagged VLAN
CAT2 - PIX
interface FastEthernet0/2
 switchport access vlan 24
 switchport mode access
CAT2 - R7
interface FastEthernet0/7
 switchport access vlan 7
 switchport mode access
PIX
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.1.24.10 255.255.255.0
!
interface Ethernet0.7
 vlan 7
 nameif DMZ7
 security-level 25
 ip address 10.7.7.10 255.255.255.0
R7
interface FastEthernet0/0
 ip address 10.7.7.7 255.255.255.0
 duplex auto
 speed auto
ip route 0.0.0.0 0.0.0.0 10.7.7.10
Above are the configurations as I have entered them, and the VLANs have been created on the switch. As far as I can see, PIX E0 is in VLAN 24, PIX E0.7 is in VLAN 7, and my R7 FA0/0 is also in VLAN 7.
I am unable to ping the R7 address, 10.7.7.7, from the PIX. I think there is a problem with the VLANs. Can anyone advise?
06-15-2008 04:16 PM
Hi
I think the interface to which the PIX is connected should be a trunk port.
You should define the default route in the switch, not in the router.
Your router should have a route pointing to the SVI of the VLAN it is a member of, i.e. VLAN 7.
Have you created any SVIs in the switch?
Thanks
Mahmood
06-15-2008 04:40 PM
Hi Mahmood,
Thanks for your reply. Yup, changing the switchport to trunk mode did it. I forgot to try that. Thanks for your help.
06-15-2008 04:43 PM
On the switch port connected to the PIX, you need to make it a trunk with both VLANs.
interface FastEthernet0/2
 description Trunk to PIX
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 24
 switchport trunk allowed vlan 7,24
The "switchport trunk encapsulation dot1q" line may or may not be needed depending on the model and IOS version on the switch.
Your subject says "Intervlan routing" but it looks as if you really want straight layer 2 trunking on the switch. If you route between VLANs on the switch, you'll bypass the PIX firewall functionality.
I'm assuming that not shown is a switch port configured as access on VLAN 24 that connects to the Internet, also that R7 is an inside router for traffic on the DMZ.
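An added example, not part of any post in this thread: a small Python check that compares the VLANs a firewall tags on its subinterfaces against the switch port facing it, and reports the mismatch that caused the failed ping here. The function names are hypothetical, the sample configs reuse the values posted above, and only the plain `allowed vlan <list>` form is parsed.

```python
import re

def parse_interfaces(cfg):
    """Map each interface name to the list of commands configured under it."""
    ifaces, current = {}, None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if line.lower().startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return ifaces

def tagged_vlans(fw_cfg, parent):
    """VLAN IDs the firewall tags on subinterfaces of `parent`, e.g. Ethernet0.7."""
    found = set()
    for name, cmds in parse_interfaces(fw_cfg).items():
        if name.startswith(parent + "."):
            found |= {int(c.split()[1]) for c in cmds if re.fullmatch(r"vlan \d+", c)}
    return found

def expand(vlan_list):
    """Turn '7,20-22' into {7, 20, 21, 22}."""
    spans = (p.partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def check_port(sw_cfg, port, needed):
    """Return the reasons `port` cannot carry the firewall's tagged VLANs."""
    cmds = parse_interfaces(sw_cfg)[port]
    if "switchport mode trunk" not in cmds:
        return [f"{port} is not a trunk; tagged VLANs {sorted(needed)} will not pass"]
    allowed, native = set(range(1, 4095)), 1  # IOS defaults: all VLANs, native 1
    for c in cmds:
        if m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", c):
            allowed = expand(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", c):
            native = int(m.group(1))
    problems = [f"VLAN {v} is not in the allowed list" for v in sorted(needed - allowed)]
    if native in needed:
        problems.append(f"VLAN {native} is native on the trunk, so it is sent untagged")
    return problems

# Sample configs constructed from the values posted in this thread.
PIX = "interface Ethernet0\n nameif outside\n!\ninterface Ethernet0.7\n vlan 7\n nameif DMZ7\n"
SW_BEFORE = "interface FastEthernet0/2\n switchport access vlan 24\n switchport mode access\n"
SW_AFTER = ("interface FastEthernet0/2\n switchport mode trunk\n"
            " switchport trunk native vlan 24\n switchport trunk allowed vlan 7,24\n")
```

Calling `check_port(SW_BEFORE, "FastEthernet0/2", tagged_vlans(PIX, "Ethernet0"))` returns the not-a-trunk finding, while the same call with `SW_AFTER` returns an empty list.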
06-15-2008 04:49 PM
thanks for the help =)