Separate 2 internal networks

Unanswered Question


I have the following network setup on my PIX.

Interface 0 is internet -- static IP

Interface 1 is internal is regular computers.

                                 vlan3 -- is public internet

Also, we have 2 DHCP scopes set up, one for each network.

It's all working great except for one thing.

When someone is on the public I don't want them to be able to get to anything on the regular 10.1.1.x network.

I have attached my current running config.

Also, this is a PIX 515 running 804.


Jennifer Halim (Cisco Employee) Mon, 05/24/2010 - 23:57

Based on your configuration, the public subnet is not even configured on the PIX firewall. It is directly connected on your internal switch/router; therefore, traffic between and can reach each other. If you would like the public subnet to be segregated from the inside network, you need to configure a public interface on the PIX firewall and it needs to be the default gateway for that subnet.

Hope that helps.
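
A sketch of the change the reply describes, in PIX 8.0 syntax, as an added example that is not from the thread or from the poster's attached config. The subinterface Ethernet1.3, the nameif `public`, the 192.168.3.0/24 addressing, the /24 mask on 10.1.1.x, the DHCP range and the ACL name are all assumptions; only VLAN 3 and the 10.1.1.x inside network come from the question.

```cisco
! Added example: terminate the public VLAN on the PIX itself so that
! the firewall, not the internal switch/router, routes between the
! public and inside networks.
!
! Assumed: VLAN 3 arrives tagged on Ethernet1 (trunk port on the switch).
interface Ethernet1.3
 vlan 3
 nameif public
 ! Lower than inside (100), higher than outside (0)
 security-level 50
 ! Assumed addressing; this address becomes the public clients' default gateway
 ip address 192.168.3.1 255.255.255.0
!
! Internet access for the public subnet via PAT on the outside interface
nat (public) 1 192.168.3.0 255.255.255.0
global (outside) 1 interface
!
! Explicit policy on the public interface: block the inside network
! first, then allow everything else. Once an ACL is applied, the
! permit line would otherwise also match traffic toward 10.1.1.x.
access-list public_in extended deny ip any 10.1.1.0 255.255.255.0
access-list public_in extended permit ip any any
access-group public_in in interface public
!
! Optional: serve the public DHCP scope from the PIX (assumed range)
dhcpd address 192.168.3.100-192.168.3.200 public
dhcpd enable public
```

The switch must stop routing for VLAN 3 (no routed interface for that VLAN on the internal switch/router), otherwise clients can still reach 10.1.1.x without crossing the firewall. `show access-list public_in` shows hit counts on the deny line once public clients attempt to reach the inside network.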

