Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX firewall VLAN

Hi,

I am currently having a cisco switch and a pix firewall,

how to create vlans on firewall to provide intervlan routing

and i have to nat the vlan subnets to outside interface,

one more requirement is i need to give outside host to inside access !

experts please help me

Thanks,

Pramod

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX firewall VLAN

Pramod,

Here is a document on how to configure PIX sub-interfaces.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intparam.html

Once you have the sub-interfaces configured, you can treat them each as a separate "zone".  For instance:

interface ethernet0/0.1

vlan 101

nameif inside

ip address 10.1.1.1 255.255.255.0

security-level 100

interface ethernet0/0.2

vlan 102

nameif dmz

ip address  10.1.2.1 255.255.255.0

security-level 50

interface ethernet0/0.3

vlan 103

nameif outside

ip address x.x.x.x 255.255.255.0

security-level 0


nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

Let me know if this helps!  If so, please be sure to mark this topic as answered.

Best Regards,

Kevin

3 REPLIES
Cisco Employee

Re: PIX firewall VLAN

Pramod,

Here is a document on how to configure PIX sub-interfaces.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intparam.html

Once you have the sub-interfaces configured, you can treat them each as a separate "zone".  For instance:

interface ethernet0/0.1

vlan 101

nameif inside

ip address 10.1.1.1 255.255.255.0

security-level 100

interface ethernet0/0.2

vlan 102

nameif dmz

ip address  10.1.2.1 255.255.255.0

security-level 50

interface ethernet0/0.3

vlan 103

nameif outside

ip address x.x.x.x 255.255.255.0

security-level 0


nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

Let me know if this helps!  If so, please be sure to mark this topic as answered.

Best Regards,

Kevin

New Member

Re: PIX firewall VLAN

Thanks a lot, can you please help me for the below posted link ?

https://supportforums.cisco.com/thread/2032049

Thanks in advance

Cisco Employee

Re: PIX firewall VLAN

K.G,

If the previous response was adequate to solve your issue, please be sure to mark it as answered so others can benefit from the knowledge.  I'll take a look at the other post now.

Best Regards,

Kevin

688
Views
0
Helpful
3
Replies
CreatePlease to create content