Cisco Support Community

Catalyst 4005 and Vlans routing policy

Hi everybody,

I have a little question which is very simple for experts.

My infrastructure is built with two 4005s in HSRP and multiple VLANs.

I have a DMZ isolated on an external switch, but I have free ports for this DMZ on both of the 4005s, so I want to know how to create a VLAN on them to replace my isolated switch. I want to use the HSRP default gateway created for the DMZ VLAN and forward packets to the PIX interfaces. I want to be sure that when this DMZ VLAN tries to reply to other VLANs on the same switch (2*4005), the packets pass through the PIX every time.

Can you give me some help?

Sorry for my poor English.

I can update if you want to know something else.

Thx

1 REPLY

Re: Catalyst 4005 and Vlans routing policy

I would recommend not doing this. Why would you want to have your DMZ (of course on an isolated VLAN) on the same switch as your inside network? If your switch gets hacked, you are done.

You can instead set up failover between two PIX firewalls (unless you have only one PIX) and still have redundancy. You can then set up static and access-lists to control what networks/protocols are accessible from the DMZ to the inside.
