Cisco Support Community

New Member

transparent firewall and 4503 switch

I have a connection coming in via fiber with a block of IP addresses given to me. I need to have my PIX set up in transparent mode in order to use these addresses on my internal network and still filter traffic.

Is it possible to send the traffic out from the GBIC to the outside interface of my PIX in transparent mode and come back from the inside interface into my 4503, so all the traffic is then filtered on the same VLAN?

6 REPLIES
Hall of Fame Super Blue

Re: transparent firewall and 4503 switch

Hi

Hope I have understood correctly.

Presumably the fiber connects into the 4503 switch?

If so you would

1) Create a layer 2 vlan without a L3 SVI on the 4503

2) Create another layer 2 vlan but give this a L3 SVI

3) Connect the outside of the firewall to the L2 vlan and the inside of the firewall to the L2 vlan with the L3 interface.

HTH

Jon

New Member

Re: transparent firewall and 4503 switch

Right now, due to my constraints (attempting to upgrade infrastructure on a running network), I'm stuck within a single VLAN (vlan 1). So I was planning on putting the fiber and outside interface on a separate VLAN (vlan 2) and the inside on vlan 1, which the entire network is residing on.

I'm a little unclear on the SVI configs, please help for Vlan1 and Vlan2.

Hall of Fame Super Blue

Re: transparent firewall and 4503 switch

Hi

Okay, that sounds fine. So if you do

"sh vlan" on the 4500 you should see vlan 1 and vlan 2. These are showing vlans at layer 2.

If you then do a

"sh ip int br" on the 4500 it should show you (amongst other things) any L3 interfaces for vlans, e.g. you should see

vlan1 "ip address"

If you do, vlan 1 needs to be on the inside of your firewall.

You should not see

vlan2 "ip address"

If you do, you need to delete it, otherwise the 4500 will route between vlan 1 & 2, i.e. it won't go through your firewall.

If you do have a vlan 2 L3 interface, please ensure if you are deleting it that nothing is using it. By the sounds of what you say there shouldn't be.

HTH, please come back if not clear

Jon

New Member

Re: transparent firewall and 4503 switch

Thanks for your help Jon. Unfortunately I am not at the switch until tomorrow, but let me know if I got this right?

vlan 1 - has an ip address

example:

interface Vlan1, ip address 10.0.0.1 255.255.255.0

vlan 2 - add through vlan database but not assigned an interface or ip address.

example, do not put:

interface Vlan2
no ip address
shutdown

GBIC - switchport access vlan 2

interface to PIX outside - switchport access vlan 2

interface to PIX inside - leave on vlan 1

and the 4503 will NOT route between vlan 1 and 2 because vlan 2 has no ip address or interface?
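Added example (not from this thread, not Cisco's code): a small script that checks the two things Jon asks for by parsing "show vlan brief" and "show ip interface brief" output, and flags an outside-VLAN SVI that would let the 4500 route around the transparent PIX. The sample outputs, VLAN numbers and addresses are constructed, not captured from a real switch.

```python
import re

# Constructed sample of "show vlan brief" (not from a real 4503):
SAMPLE_SH_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/2, Gi1/3, Gi1/4
2    outside                          active    Gi1/1, Gi1/5
"""

# Constructed "show ip interface brief": only Vlan1 carries an address.
SAMPLE_GOOD_IP_INT = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.0.0.1        YES manual up                    up
"""

# Constructed misconfiguration: a Vlan2 SVI with an address, so the switch
# itself would route vlan 1 <-> vlan 2 and bypass the transparent PIX.
SAMPLE_BAD_IP_INT = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.0.0.1        YES manual up                    up
Vlan2                  192.0.2.1       YES manual up                    up
"""

def parse_l2_vlans(sh_vlan):
    """Set of active VLAN ids from 'show vlan brief' output."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+\s+active", sh_vlan, re.M)}

def parse_svis(sh_ip_int):
    """Map vlan id -> IP address (None if unassigned) for every VlanN SVI line."""
    svis = {}
    for m in re.finditer(r"^Vlan(\d+)\s+(\S+)", sh_ip_int, re.M):
        ip = m.group(2)
        svis[int(m.group(1))] = None if ip.lower() == "unassigned" else ip
    return svis

def check_transparent_fw(sh_vlan, sh_ip_int, inside_vlan, outside_vlan):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    l2 = parse_l2_vlans(sh_vlan)
    for vid in (inside_vlan, outside_vlan):
        if vid not in l2:
            findings.append(f"vlan {vid} missing at layer 2 (check 'show vlan')")
    svis = parse_svis(sh_ip_int)
    if svis.get(outside_vlan) is not None:
        findings.append(f"Vlan{outside_vlan} has IP {svis[outside_vlan]}: switch routes between vlan {inside_vlan} and {outside_vlan}, bypassing the firewall")
    if svis.get(inside_vlan) is None:
        findings.append(f"Vlan{inside_vlan} has no IP address: inside hosts lose their gateway")
    return findings
```

An SVI that exists but shows "unassigned" passes the check, since without an address the switch cannot route on it.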

Hall of Fame Super Blue

Re: transparent firewall and 4503 switch

Yes, you have understood it perfectly.

Let me know how you get on.

Jon

New Member

Re: transparent firewall and 4503 switch

Thanks Jon, the solution worked perfectly.
