Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1143
Views
0
Helpful
3
Replies

PIX firewall VLAN

Go to solution
pramod
Level 1
Level 1

‎07-13-2010 01:56 AM - edited ‎03-11-2019 11:10 AM

Hi,

I am currently having a cisco switch and a pix firewall,

how to create vlans on firewall to provide intervlan routing

and i have to nat the vlan subnets to outside interface,

one more requirement is i need to give outside host to inside access !

experts please help me

Thanks,

Pramod

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kevin Redmon
Cisco Employee
Cisco Employee

‎07-13-2010 06:07 AM

Pramod,

Here is a document on how to configure PIX sub-interfaces.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intparam.html

Once you have the sub-interfaces configured, you can treat them each as a separate "zone".  For instance:

interface ethernet0/0.1

vlan 101

nameif inside

ip address 10.1.1.1 255.255.255.0

security-level 100

interface ethernet0/0.2

vlan 102

nameif dmz

ip address  10.1.2.1 255.255.255.0

security-level 50

interface ethernet0/0.3

vlan 103

nameif outside

ip address x.x.x.x 255.255.255.0

security-level 0


nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

Let me know if this helps!  If so, please be sure to mark this topic as answered.

Best Regards,

Kevin

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Kevin Redmon
Cisco Employee
Cisco Employee

‎07-13-2010 06:07 AM

Pramod,

Here is a document on how to configure PIX sub-interfaces.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intparam.html

Once you have the sub-interfaces configured, you can treat them each as a separate "zone".  For instance:

interface ethernet0/0.1

vlan 101

nameif inside

ip address 10.1.1.1 255.255.255.0

security-level 100

interface ethernet0/0.2

vlan 102

nameif dmz

ip address  10.1.2.1 255.255.255.0

security-level 50

interface ethernet0/0.3

vlan 103

nameif outside

ip address x.x.x.x 255.255.255.0

security-level 0


nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

Let me know if this helps!  If so, please be sure to mark this topic as answered.

Best Regards,

Kevin

0 Helpful

Go to solution
pramod
Level 1
Level 1
In response to Kevin Redmon

‎07-14-2010 08:32 PM

Thanks a lot, can you please help me for the below posted link ?

https://supportforums.cisco.com/thread/2032049

Thanks in advance

0 Helpful

Go to solution
Kevin Redmon
Cisco Employee
Cisco Employee
In response to pramod

‎07-15-2010 05:53 AM

K.G,

If the previous response was adequate to solve your issue, please be sure to mark it as answered so others can benefit from the knowledge.  I'll take a look at the other post now.

Best Regards,

Kevin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card